Title of invention: Discovery of application vulnerabilities involving multiple execution flows
Abstract: Methods and systems for security analysis of an application are disclosed. One system includes a flow-insensitive analyzer, a control flow assessment module and a flow-sensitive analyzer. The flow-insensitive analyzer is configured to conduct a flow-insensitive analysis on the application to obtain a set of potential vulnerabilities in the application. In addition, the control flow assessment module is configured to determine, for each of the potential vulnerabilities, a relevant set of control flows that include the respective vulnerability. Further, the flow-sensitive analyzer is configured to perform, by a hardware processor, for each relevant set of control flows, a flow-sensitive analysis of at least one of the control flows in the corresponding relevant set to assess the validity of the respective vulnerability.
Publication number: US8904543(B2); Publication date: 2014.12.02
Application number: US201313755151; Filing date: 2013.01.31
Applicant: International Business Machines Corporation; Inventors: Guarnieri Salvatore A.; Pistoia Marco; Tripp Omer
Classification: H04L29/06; G06F21/55; G06F21/56; G06F21/57; Main classification: H04L29/06
Agency: Tutunjian & Bitetto, P.C.; Agent: Tutunjian & Bitetto, P.C.; Dougherty Anne V.
Principal claim: 1. A system for security analysis of an application comprising: a flow-insensitive analyzer configured to conduct, by a hardware processor, a flow-insensitive analysis on the application to obtain a set of potential vulnerabilities in the application without being sensitive to control restrictions on ordering between a serve call and sink call; a control flow assessment module configured to determine, by a hardware processor, for each of the potential vulnerabilities, a relevant set of control flows that include the respective vulnerability; and a flow-sensitive analyzer configured to perform, by a hardware processor, for each relevant set of control flows, a flow-sensitive analysis of at least one of the control flows in the corresponding relevant set to assess a validity of the respective vulnerability, wherein the flow sensitive analysis is analyzing instructional order and structure of a series of data in the control flows from the serve call to the sink call between at least two servlets in assessing the validity of the respective vulnerability.
Address: Armonk NY US