1. WO2022047245 - AUTOMATED APPLICATION VULNERABILITY AND RISK ASSESSMENT

Publication Number WO/2022/047245
Publication Date 03.03.2022
International Application No. PCT/US2021/048077
International Filing Date 27.08.2021
IPC
G06F 21/56 2013.1
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
CPC
G06F 21/562
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
562 Static detection
G06F 21/566
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
G06F 21/577
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
577 Assessing vulnerabilities and evaluating computer system security
G06F 2221/033
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
033 Test or assess software
G06F 2221/034
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
034 Test or assess a computer or a system
Applicants
  • VIRSEC SYSTEMS, INC. [US]/[US]
Inventors
  • GUPTA, Satya, V.
Agents
  • MEAGHER, Timothy, J.
  • WAKIMURA, Mary, Lou
  • CARROLL, Alice, O.
  • BROOK, David, E.
  • SMITH, James, M.
Priority Data
202141002185 18.01.2021 IN
202141002208 18.01.2021 IN
63/071,113 27.08.2020 US
63/133,173 31.12.2020 US
63/155,464 02.03.2021 US
63/155,466 02.03.2021 US
63/190,099 18.05.2021 US
Publication Language English (en)
Filing Language English (EN)
Designated States
Title
(EN) AUTOMATED APPLICATION VULNERABILITY AND RISK ASSESSMENT
Abstract
(EN) Embodiments assess security vulnerability of an application. An embodiment runs one or more static and dynamic analysis tools on the application to generate a static vulnerability report and a dynamic vulnerability report. In turn, code of the application is decompiled to identify code of the application that accepts user input. One or more vulnerabilities of the application are determined using the identified code of the application that accepts user input and a vulnerability report is generated that indicates the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input. A final static vulnerability report and a final dynamic vulnerability report are generated based on the static and dynamic vulnerability reports and the generated vulnerability report indicating the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input.