Title of invention |
VERIFYING APPLICATION SECURITY VULNERABILITIES |
Abstract |
Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and, responsive to a determination that an identified vulnerability was validated, a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
|
Publication number |
US2013312102(A1) |
Publication date |
2013.11.21 |
Application number |
US201313888827 |
Filing date |
2013.05.07 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventors |
BRAKE NEVON C.;IONESCU PAUL;ONUT IOSIF VIOREL;PEYTON, JR. JOHN T.;SMITH WAYNE DUNCAN |
Classification |
G06F21/57 |
Main classification |
G06F21/57 |
Agency |
|
Agent |
|
Independent claim |
|
Address |
|