Patents by Inventor Sagi Kedmi
Sagi Kedmi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11288344
  Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
  Type: Grant
  Filed: June 10, 2019
  Date of Patent: March 29, 2022
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
- Patent number: 11005877
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Grant
  Filed: March 14, 2019
  Date of Patent: May 11, 2021
  Assignee: HCL Technologies Limited
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10657255
  Abstract: A computer-implemented method for detecting malware based on asymmetry includes receiving, via a processor, an application to be tested. The method includes computing, via the processor, a static call graph for the application. The method also includes generating, via the processor, an interprocedural control-flow graph (ICFG) based on the static call graph. The method further includes detecting, via the processor, symbolic path conditions and executable operations along different paths of conditional branches in the ICFG. The method further includes detecting, via the processor, asymmetries based on the symbolic path conditions and the executable operations. The method includes detecting, via the processor, a malicious block based on the detected asymmetries. The method further includes modifying, via the processor, the application based on the detected malicious block.
  Type: Grant
  Filed: December 17, 2015
  Date of Patent: May 19, 2020
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Roee Hay, Sagi Kedmi, Omer Tripp
- Patent number: 10592399
  Abstract: An example system includes a processor to crawl a plurality of web pages of a web application to be tested. The processor is to also receive an intercepted input to the web application and an output from a web application associated with each crawled web page. The processor is to further detect testable elements in the intercepted input and the output. The processor is also to generate a fingerprint for each web page based on the detected testable elements. The processor is to generate a list of clusters comprising one or more similar web pages based on the fingerprints. The processor is to test a single web page from each cluster.
  Type: Grant
  Filed: April 24, 2019
  Date of Patent: March 17, 2020
  Assignee: International Business Machines Corporation
  Inventors: Ilan Ben-Bassat, Daniel Dubnikov, Sagi Kedmi, Erez Rokah
- Publication number: 20190294760
  Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
  Type: Application
  Filed: June 10, 2019
  Publication date: September 26, 2019
  Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
- Publication number: 20190251019
  Abstract: An example system includes a processor to crawl a plurality of web pages of a web application to be tested. The processor is to also receive an intercepted input to the web application and an output from a web application associated with each crawled web page. The processor is to further detect testable elements in the intercepted input and the output. The processor is also to generate a fingerprint for each web page based on the detected testable elements. The processor is to generate a list of clusters comprising one or more similar web pages based on the fingerprints. The processor is to test a single web page from each cluster.
  Type: Application
  Filed: April 24, 2019
  Publication date: August 15, 2019
  Inventors: Ilan Ben-Bassat, Daniel Dubnikov, Sagi Kedmi, Erez Rokah
- Patent number: 10366213
  Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
  Type: Grant
  Filed: February 9, 2016
  Date of Patent: July 30, 2019
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
- Publication number: 20190215333
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Application
  Filed: March 14, 2019
  Publication date: July 11, 2019
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10346291
  Abstract: An example system includes a processor to crawl a plurality of web pages of a web application to be tested. The processor is also configured to receive an intercepted input to the web application and an output from a web application associated with each crawled web page. The processor is further configured to detect testable elements in the intercepted input and the output. The processor is also configured to generate a fingerprint for each web page based on the detected testable elements. The processor is also configured to generate a list of clusters comprising one or more similar web pages based on the fingerprints. The processor is configured to test a single web page from each cluster.
  Type: Grant
  Filed: February 21, 2017
  Date of Patent: July 9, 2019
  Assignee: International Business Machines Corporation
  Inventors: Ilan Ben-Bassat, Daniel Dubnikov, Sagi Kedmi, Erez Rokah
- Patent number: 10305903
  Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
  Type: Grant
  Filed: August 27, 2018
  Date of Patent: May 28, 2019
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10264011
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Grant
  Filed: March 7, 2018
  Date of Patent: April 16, 2019
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Publication number: 20190014115
  Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
  Type: Application
  Filed: August 27, 2018
  Publication date: January 10, 2019
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10091187
  Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
  Type: Grant
  Filed: September 26, 2017
  Date of Patent: October 2, 2018
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10084772
  Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
  Type: Grant
  Filed: September 26, 2017
  Date of Patent: September 25, 2018
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10084781
  Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
  Type: Grant
  Filed: April 26, 2016
  Date of Patent: September 25, 2018
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Publication number: 20180239693
  Abstract: An example system includes a processor to crawl a plurality of web pages of a web application to be tested. The processor is also configured to receive an intercepted input to the web application and an output from a web application associated with each crawled web page. The processor is further configured to detect testable elements in the intercepted input and the output. The processor is also configured to generate a fingerprint for each web page based on the detected testable elements. The processor is also configured to generate a list of clusters comprising one or more similar web pages based on the fingerprints. The processor is configured to test a single web page from each cluster.
  Type: Application
  Filed: February 21, 2017
  Publication date: August 23, 2018
  Inventors: Ilan Ben-Bassat, Daniel Dubnikov, Sagi Kedmi, Erez Rokah
- Patent number: 10027692
  Abstract: An example computer-implemented method includes receiving, via a processor, an application to be tested, a set of intrusive monitoring capabilities, and a set of external monitoring capabilities. The method includes executing, via the processor, the application in a clean environment to generate unmonitored application behavior. The method includes executing, via the processor, the application with intrusive monitoring based on two randomly generated seeds to generate trigger events and external monitoring to detect changes of application behavior in response to the intrusive monitoring. The method includes computing, via the processor, a correlation measure between the trigger events and the detected changes in the application behavior. The method includes modifying, via the processor, the application in response to detecting the application is evasive based on the correlation measure.
  Type: Grant
  Filed: January 5, 2016
  Date of Patent: July 17, 2018
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, Sagi Kedmi, Omer Tripp
- Publication number: 20180198817
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Application
  Filed: March 7, 2018
  Publication date: July 12, 2018
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
- Patent number: 10002253
  Abstract: A given application is instrumented to trace its execution flow. Constraints and/or transformations associated with input identified in the execution flow are mirrored on a set of candidate test payloads. The set of candidate test payloads is modified or pruned based on the execution flow of the instrumented application reaching a security operation with the input satisfying the constraints while the payloads may not. If the set of candidate test payloads is not empty at reaching the security operation, it is determined that the given application has a vulnerability, and a signal issuing a warning may be generated and transmitted.
  Type: Grant
  Filed: August 23, 2016
  Date of Patent: June 19, 2018
  Assignee: International Business Machines Corporation
  Inventors: Roee Hay, Sagi Kedmi, Omer Tripp
- Patent number: 9948665
  Abstract: Various techniques for detecting a persistent cross-site scripting vulnerability are described herein. In one example, a method includes detecting, via the processor, a read operation executed on a resource using an instrumentation mechanism and returning, via the processor, a malicious script in response to the read operation. The method also includes detecting, via the processor, a write operation executed on the resource using the instrumentation mechanism and detecting, via the processor, a script operation executed by the malicious script that results in resource data being sent to an external computing device from a client device. Furthermore, the method includes receiving, via the processor, metadata indicating the execution of the read operation, the write operation, and the script operation.
  Type: Grant
  Filed: June 4, 2015
  Date of Patent: April 17, 2018
  Assignee: International Business Machines Corporation
  Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi