<p>An illustrative embodiment of a computer-implemented process for verifying application security vulnerabilities receives source code to analyze, performs a static analysis on the received source code, and generates a vulnerability call trace for the received source code. Responsive to a determination that not all static analysis results are validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and, responsive to a determination that an identified vulnerability was validated, a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.</p>
Application publication number
CA2777434(A1)
Application publication date
2013.11.18
Application number
CA20122777434
Filing date
2012.05.18
Applicant
IBM CANADA LIMITED - IBM CANADA LIMITEE
Inventors
IONESCU, PAUL;SMITH, WAYNE DUNCAN;ONUT, IOSIF VIOREL;BRAKE, NEVON CHRISTOPHER;PEYTON, JOHN THOMAS, JR.
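<p>The loop described in the abstract, as an added Python sketch that is not code from the patent or its applicant: for each static analysis result, mock objects are built from the call trace, a unit test runs the flagged entry point against them, and the outcomes are reported. The trace format, the functions under analysis, the marker value and the rule "a finding is confirmed when the marker reaches the sink's query text" are all assumptions made for illustration.</p>

```python
from unittest import mock

# Constructed code under analysis: one handler concatenates request input
# into SQL text, the other passes it as a bound parameter.
def lookup_user(request, db):
    name = request.get_param("name")
    return db.execute("SELECT * FROM users WHERE name = '" + name + "'")

def lookup_user_safe(request, db):
    name = request.get_param("name")
    return db.execute("SELECT * FROM users WHERE name = ?", (name,))

# Constructed static-analysis results (hypothetical format): each call trace
# names the entry point, the source method and the sink method.
FINDINGS = [
    {"id": "F1", "entry": lookup_user, "source": "get_param", "sink": "execute"},
    {"id": "F2", "entry": lookup_user_safe, "source": "get_param", "sink": "execute"},
]

# Benign marker (assumption): if it shows up inside the query text, the
# source value reached the sink without being separated from the SQL.
MARKER = "zz'TAINT'zz"

def build_mocks(trace):
    """Generate mock objects from the call trace: the source returns the
    marker, the sink is a recording mock."""
    request, db = mock.Mock(), mock.Mock()
    getattr(request, trace["source"]).return_value = MARKER
    return request, db

def run_unit_test(trace):
    """Execute the entry point with the mocks. Returns True when the marker
    appears in the first positional argument (the query text) of a sink call."""
    request, db = build_mocks(trace)
    trace["entry"](request, db)
    sink = getattr(db, trace["sink"])
    return any(c.args and MARKER in str(c.args[0]) for c in sink.call_args_list)

def validate_all(findings):
    """Process every static analysis result in turn and report the outcome
    of its generated unit test, keyed by finding id."""
    return {f["id"]: run_unit_test(f) for f in findings}

if __name__ == "__main__":
    for finding_id, confirmed in validate_all(FINDINGS).items():
        print(finding_id, "confirmed" if confirmed else "not reproduced")
```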