Patent · US Active

Verifying application security vulnerabilities

US8935794B2 · kind B2 · utility

11Cited by

1References

20Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Nevon C. Brake · Gatineau, CA
Paul Ionescu · Gatineau, CA
Iosif V. Onut · Gatineau, CA
John Peyton · Arlington, US
Wayne Duncan Smith · Gatineau, CA

Key dates

Filing date	May 7, 2013
Grant date	Jan 13, 2015
Priority date	—
Expiry date	Jun 22, 2033

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/577
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.