Static analysis of vulnerabilities in application packages
US10242200B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 4, 2016 |
| Grant date | Mar 26, 2019 |
| Priority date | — |
| Expiry date | Mar 4, 2036 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Apparatus and methods are disclosed herein for analyzing computer programs for potential security vulnerabilities. In one computer-implemented embodiment of the disclosed technology, a method includes analyzing a package for an application (e.g., a mobile device application package) by disassembling at least a portion of executable code associated with the application, searching for a pattern associated with a potentially vulnerably function or method, and, if the function or method is defined, then analyzing disassembled code for the function to determine whether a vulnerability is present. In some examples, a number of packages are stored in an application store database and scanned periodically to statically analyze the package for vulnerabilities.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.