Patents Assigned to Veracode, Inc.
  • Publication number: 20180025157
    Abstract: The present system includes a computer-networked system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment for which the analysis relies on per-execution as well as comparative aggregate data across many such executions from one or more subscribers.
    Type: Application
    Filed: May 16, 2017
    Publication date: January 25, 2018
    Applicant: Veracode, Inc.
    Inventors: Theodora H. Titonis, Nelson R. Manohar-Alers, Christopher J. Wysopal
  • Patent number: 9824223
    Abstract: In a binary patching system for alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: November 21, 2017
    Assignee: Veracode, Inc.
    Inventor: Thomas M. Pappas
  • Patent number: 9807085
    Abstract: A system for automating login can determine if a web artifact, such as a web page, includes a login form, by identifying a password field, a user ID field, and a submit button or another element providing the functionality to submit credentials for authorization. Submission of user credentials may be emulated, and access to password protected areas can be ascertained, e.g., by identifying any element that permits signing out from the password protected area.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: October 31, 2017
    Assignee: Veracode, Inc.
    Inventor: Daniel Linszner
  • Patent number: 9798884
    Abstract: In a system for detecting composite vulnerabilities associated with a process or a context, individual defects/vulnerabilities in a software system/application are identified and clustered into two or more classes of defects, where each class includes one or more defects of related types. Given a pattern of defects of different types, where the pattern represents a composite vulnerability, it is determined by searching in the clusters, if the software system/application includes all of the defects/vulnerabilities associated with that pattern.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: October 24, 2017
    Assignee: Veracode, Inc.
    Inventors: Jack L. Bishop, III, Jason D. Montgomery, Kelley S. Campbell, Dennis Mederios
  • Patent number: 9672355
    Abstract: The present system includes a computer-networked system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment for which the analysis relies on per-execution as well as comparative aggregate data across many such executions from one or more subscribers.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: June 6, 2017
    Assignee: Veracode, Inc.
    Inventors: Theodora Heather Titonis, Nelson Roberto Manohar-Alers, Christopher John Wysopal
  • Patent number: 9645800
    Abstract: In a system for enabling static vulnerability analysis of a software/web application that includes an indirectly modeled language portion and a directly modeled language portion, an indirectly modeled language information extractor selects nodes of certain types from a syntax tree corresponding to the indirectly modeled language source code. Generally, the types of nodes that are selected are relevant to taint propagation. For one or more of the selected nodes, one or more statements corresponding to one or more of a type of the node, an input to the node, and an object associated with the node are generated. A static analyzer configured for a directly modeled language may perform vulnerability analysis of the software/web application using the generated statements.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: May 9, 2017
    Assignee: Veracode, Inc.
    Inventor: Mansi Sheth
  • Patent number: 9405906
    Abstract: In a system for determining components of a software application from binary code thereof, one or more binary files are read without loading any component/object in the files in an execution environment that can execute the software application. A component in one of the files, designated as a primary component, is visited to identify a path specifying origin of a secondary component that is associated with the primary component, and the identified path is stored. Analysis of the path can indicate whether the secondary component is provided by the developer of the software application or by a different entity.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: August 2, 2016
    Assignee: Veracode, Inc.
    Inventor: Mansi Sheth
  • Patent number: 9317695
    Abstract: In a binary patching system for alleviating security vulnerabilities in a binary representation of a software application, a binary code portion determined to be associated with a security vulnerability is replaced with a replacement binary code that can avoid such vulnerability without substantially changing the functionality of the code portion that was replaced. The replacement binary code can be selected based on properties and/or context of the code portion to be replaced.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: April 19, 2016
    Assignee: Veracode, Inc.
    Inventor: Thomas M. Pappas
  • Patent number: 9286041
    Abstract: Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: March 15, 2016
    Assignee: Veracode, Inc.
    Inventor: Christien Rioux
  • Patent number: 9286063
    Abstract: The techniques and supporting systems described herein provide a comprehensive and customizable approach to identifying the use of best practices during the design and development of software applications, as well as recommending additional enhancements or courses of action that may be implemented to further improve the application. Target software application code is received, and specific application security best practices applicable to the target software application are identified. Locations in the code where the various best practices ought to be implemented are then identified, and a determination is made whether the relevant best practices are implemented for each location. Finally, positive feedback is provided to the developers for what appears to be their correct implementation of best practices.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: March 15, 2016
    Assignee: Veracode, Inc.
    Inventors: Mark Kriegsman, Brian Black
  • Patent number: 9207920
    Abstract: A system for testing a software application receives one or more object spaces extracted from a development or runtime environment of the software application. The extracted object space includes information about various objects associated with the software application, its dependencies, and/or environment, and some of the objects may be dynamically created and/or modified. The extracted object space does not include any source code. A language dependent extraction component can extract the object space using introspections and/or reflection APIs. The extracted object can be translated into a language-independent format and can be analyzed to identify any vulnerabilities in the software application without access to the source code, compiled binary, and runtime environment of the software application.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: December 8, 2015
    Assignee: Veracode, Inc.
    Inventors: Ryan O'Boyle, John Mcenerney, Christien Rioux
  • Patent number: 9195833
    Abstract: In a system for facilitating distributed security and vulnerability testing of a software application, each development sandbox in a set of sandboxes receives a portion of the entire application, and the received portion may be tested based on an application-level security policy to obtain a pass/fail result. The portion of the application corresponding to a certain sandbox may be modified and rescanned (i.e., retested) until the modifications, i.e., development achieves functional and quality requirements, and a pass result is obtained. Thereafter, the scan results are promoted to a policy sandbox, where a compliance result for the entire software application can be obtained based on, at least in part, the promoted results. Other sandboxes may also perform their respective pass/fail testing using the promoted results, thus minimizing the need for synchronizing the code changes in different sandboxes before testing for security policy in any sandbox and/or during application-level scanning.
    Type: Grant
    Filed: November 19, 2013
    Date of Patent: November 24, 2015
    Assignee: Veracode, Inc.
    Inventor: Peter John Chestna
  • Patent number: 9069967
    Abstract: Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software they describe. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.
    Type: Grant
    Filed: September 17, 2010
    Date of Patent: June 30, 2015
    Assignee: Veracode, Inc.
    Inventors: Christopher J. Wysopal, Christopher J. Eng, Matthew P. Moynahan
  • Publication number: 20150106795
    Abstract: Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
    Type: Application
    Filed: June 4, 2014
    Publication date: April 16, 2015
    Applicant: Veracode, Inc.
    Inventor: Christien Rioux
  • Patent number: 8789027
    Abstract: Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
    Type: Grant
    Filed: December 14, 2012
    Date of Patent: July 22, 2014
    Assignee: Veracode, Inc.
    Inventor: Christien Rioux
  • Patent number: 8613080
    Abstract: Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software they describe. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.
    Type: Grant
    Filed: June 7, 2011
    Date of Patent: December 17, 2013
    Assignee: Veracode, Inc.
    Inventors: Christopher J. Wysopal, Matthew P. Moynahan, Jon R. Stevenson
  • Publication number: 20130227516
    Abstract: The techniques and supporting systems described herein provide a comprehensive and customizable approach to identifying the use of best practices during the design and development of software applications, as well as recommending additional enhancements or courses of action that may be implemented to further improve the application. Target software application code is received, and specific application security best practices applicable to the target software application are identified. Locations in the code where the various best practices ought to be implemented are then identified, and a determination is made whether the relevant best practices are implemented for each location. Finally, positive feedback is provided to the developers for what appears to be their correct implementation of best practices.
    Type: Application
    Filed: February 19, 2013
    Publication date: August 29, 2013
    Applicant: Veracode, Inc.
    Inventor: Veracode, Inc.
  • Patent number: 8499353
    Abstract: Security assessment and vulnerability testing of software applications is performed based at least in part on application metadata in order to determine an appropriate assurance level and associated test plan that includes multiple types of analysis. Steps from each test are combined into a “custom” or “application-specific” workflow, and the results of each test may then be correlated with other results to identify potential vulnerabilities and/or faults.
    Type: Grant
    Filed: February 15, 2008
    Date of Patent: July 30, 2013
    Assignee: Veracode, Inc.
    Inventors: Malcolm W. Lockhart, Christopher J. Wysopal, Christopher J. Eng, Matthew P. Moynahan, Simeon Simeonov
  • Publication number: 20130152062
    Abstract: Presently described is a decompilation method of operation and system for parsing executable code, identifying and recursively modeling data flows, identifying and recursively modeling control flow, and iteratively refining these models to provide a complete model at the nanocode level. The nanocode decompiler may be used to determine if flaws, security vulnerabilities, or general quality issues exist in the code. The nanocode decompiler outputs in a standardized, human-readable intermediate representation (IR) designed for automated or scripted analysis and reporting. Reports may take the form of a computer annotated and/or partially human annotated nanocode listing in the above-described IR. Annotations may include plain English statements regarding flaws and pointers to badly constructed data structures, unchecked buffers, malicious embedded code or “trap doors,” and the like. Annotations may be generated through a scripted analysis process or by means of an expert-enhanced, quasi-autonomous system.
    Type: Application
    Filed: December 14, 2012
    Publication date: June 13, 2013
    Applicant: Veracode, Inc.
    Inventor: Veracode, Inc.
  • Publication number: 20130097706
    Abstract: The present system includes a computer-networked system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment for which the analysis relies on per-execution as well as comparative aggregate data across many such executions from one or more subscribers.
    Type: Application
    Filed: September 14, 2012
    Publication date: April 18, 2013
    Applicant: Veracode, Inc.
    Inventors: Theodora H. Titonis, Nelson R. Manohar-Alers, Christopher J. Wysopal