WO2022047245 AUTOMATED APPLICATION VULNERABILITY AND RISK ASSESSMENT

Settings

Stemming

Single Family Member

Include NPL

Feedback

Goto Application

Publication Number WO/2022/047245

Publication Date 03.03.2022

International Application No. PCT/US2021/048077

International Filing Date 27.08.2021

IPC

CPC

View less classifications

Applicants

VIRSEC SYSTEMS, INC. [US]/[US]

Inventors

GUPTA, Satya, V.

Agents

MEAGHER, Timothy, J.
WAKIMURA, Mary, Lou
CARROLL, Alice, O.
BROOK, David, E.
SMITH, James, M.

Priority Data

202141002185	18.01.2021	IN
202141002208	18.01.2021	IN
63/071,113	27.08.2020	US
63/133,173	31.12.2020	US
63/155,464	02.03.2021	US
63/155,466	02.03.2021	US
63/190,099	18.05.2021	US

Publication Language English (en)

Filing Language English (EN)

Designated States

View all

Title

(EN) AUTOMATED APPLICATION VULNERABILITY AND RISK ASSESSMENT

(FR) ÉVALUATION AUTOMATISÉE DE LA VULNÉRABILITÉ ET DES RISQUES D'APPLICATIONS

Abstract

(EN) Embodiments assess security vulnerability of an application. An embodiment runs one or more static and dynamic analysis tools on the application to generate a static vulnerability report and a dynamic vulnerability report. In turn, code of the application is decompiled to identify code of the application that accepts user input. One or more vulnerabilities of the application are determined using the identified code of the application that accepts user input and a vulnerability report is generated that indicates the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input. A final static vulnerability report and a final dynamic vulnerability report are generated based on the static and dynamic vulnerability reports and the generated vulnerability report indicating the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input.

(FR) Des modes de réalisation évaluent la vulnérabilité à la sécurité d'une application. Un mode de réalisation exécute un ou plusieurs outils d'analyse statique et dynamique sur l'application afin de générer un rapport de vulnérabilité statique et un rapport de vulnérabilité dynamique. À son tour, le code de l'application est décompilé pour identifier un code de l'application qui accepte une entrée d'utilisateur. Une ou plusieurs vulnérabilités de l'application sont déterminées à l'aide du code identifié de l'application qui accepte une entrée d'utilisateur et un rapport de vulnérabilité est généré qui indique la ou les vulnérabilités de l'application déterminées à l'aide du code identifié de l'application qui accepte une entrée d'utilisateur. Un rapport de vulnérabilité statique final et un rapport de vulnérabilité dynamique final sont générés sur la base des rapports de vulnérabilité statique et dynamique et du rapport de vulnérabilité généré indiquant la ou les vulnérabilités de l'application déterminées à l'aide du code identifié de l'application qui accepte une entrée d'utilisateur.

Latest bibliographic data on file with the International Bureau

G	PHYSICS
06	COMPUTING; CALCULATING OR COUNTING
F	ELECTRIC DIGITAL DATA PROCESSING
21	Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50	Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55	Detecting local intrusion or implementing counter-measures
56	Computer malware detection or handling, e.g. anti-virus arrangements

G	PHYSICS
06	COMPUTING; CALCULATING OR COUNTING
F	ELECTRIC DIGITAL DATA PROCESSING
21	Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50	Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55	Detecting local intrusion or implementing counter-measures
56	Computer malware detection or handling, e.g. anti-virus arrangements

G	PHYSICS
06	COMPUTING; CALCULATING; COUNTING
F	ELECTRIC DIGITAL DATA PROCESSING
21	Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50	Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55	Detecting local intrusion or implementing counter-measures
56	Computer malware detection or handling, e.g. anti-virus arrangements
562	Static detection

G	PHYSICS
06	COMPUTING; CALCULATING; COUNTING
F	ELECTRIC DIGITAL DATA PROCESSING
21	Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50	Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55	Detecting local intrusion or implementing counter-measures
56	Computer malware detection or handling, e.g. anti-virus arrangements
566	Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

G	PHYSICS
06	COMPUTING; CALCULATING; COUNTING
F	ELECTRIC DIGITAL DATA PROCESSING
21	Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50	Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57	Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
577	Assessing vulnerabilities and evaluating computer system security

Processing

National Phase Entries

Authority File

Settings

Feedback

Goto Application

1. WO2022047245 - AUTOMATED APPLICATION VULNERABILITY AND RISK ASSESSMENT