Static application security testing,申请号US201313932388-传众专利搜索

首页产品黄页商标征信

会员服务注册登录

法人/股东/高管

发明名称	Static application security testing
摘要	Methods, systems, and computer-readable storage media for analyzing source code of an application. In some implementations, actions include determining a control flow graph of the application using the source code of the application; determining a plurality of source-sink pairs of exploitable data sources and exploitable data sinks; and determining, for each source-sink pair, whether the source-sink pair is potentially exploitable by: determining one or more conditions under which the invoking procedure passes the exploitable data source to the exploitable data sink of the invoked procedure; and determining, using the control flow graph, whether the conditions are met in at least one possible context of the application, and if so, determining that the source-sink pair is potentially exploitable.
申请公布号	US8881293(B1)	申请公布日期	2014.11.04
申请号	US201313932388	申请日期	2013.07.01
申请人	SAP SE	发明人	Brucker Achim D.;Deuster Thomas
分类号	G06F15/00;G06F21/57	主分类号	G06F15/00
代理机构	Fish & Richardson P.C.	代理人	Fish & Richardson P.C.
主权项	1. A computer-implemented method for analyzing source code of an application, the method being executed using one or more processors and comprising: determining a control flow graph of the application using the source code of the application, wherein the control flow graph includes a plurality of procedure nodes each representing a respective procedure of the application and a plurality of edges connecting procedures nodes, each edge representing an invocation of one connected node's respective procedure by the other connected node's respective procedure; determining a plurality of source-sink pairs of exploitable data sources and exploitable data sinks, each source-sink pair comprising a respective exploitable data source passed from a respective invoking procedure to a respective exploitable data sink of a respective invoked procedure; and determining, for each source-sink pair, whether the source-sink pair is potentially exploitable by: determining one or more conditions under which the invoking procedure passes the exploitable data source to the exploitable data sink of the invoked procedure; anddetermining, using the control flow graph, whether the conditions are met in at least one possible context of the application, and if so, determining that the source-sink pair is potentially exploitable.
地址	Walldorf DE

您可能感兴趣的专利

AUTO BEVERAGE VENDING MACHINE

DISK RECORDING-REPRODUCING EQUIPMENT

MAGNETIC RECORDING MEDIUM

METHOD AND DEVICE FOR DISPLAYING MOLECULAR STRUCTURE CHART

CARD POPPING-OUT DEVICE

LATTICE FORMATION METHOD

WIRING BOARD DESIGNING DEVICE

FAN OUT ALLOCATION METHOD

DEVICE AND METHOD FOR RETRIEVING NATURAL LANGUAGE INSTANCE

NEURAL ARITHMETIC UNIT

COMMUNICATION CONTROL METHOD USING CONTENTION SYSTEM

DATA ACCESS METHOD FOR DISTRIBUTED DATA BASE AND DEVICE THEREFOR

IMAGE PROCESSOR AND CONTROL METHOD FOR IMAGE PROCESSOR

BATCH TRANSFER METHOD OF PARALLEL COMPUTER SYSTEM

COUNTER FOR MONITORING NUMBER OF OPERATIONS OF INDUCTION MOTOR

POINTING DEVICE FOR HANDICAPPED PERSON

CHARACTER SEGMENTING METHOD

METHOD FOR PROCESSING INSTANCE BASE

IMAGE FORMATION SYSTEM, IMAGE FORMING DEVICE, AND INFORMATION PROCESSOR AND ITS CONTROL METHOD

POSITION CONTROLLER