Abstract: A method for testing an HTTP endpoint includes sending a first HTTP request to a first HTTP endpoint, receiving a first response to the first HTTP request from the first HTTP endpoint, and determining, based on the first response, a first parameter that the first HTTP endpoint expected to receive in the first HTTP request. The method also includes generating, by a processing device, a second HTTP request that includes the first parameter and sending the second HTTP request with the first parameter to the first HTTP endpoint.

Abstract: An application service request is parsed to identify an application service request parameter of the application service request. The application service request parameter is altered. The application service request is reconstructed to include the altered application service request parameter. The behavior of the application is analyzed while executing the reconstructed application service request to detect a security vulnerability. The detection of the security vulnerability is verified to eliminate false positives.

Abstract: An application deployment system provides one or pages of an application to a client device. The pages may specify application code for performing functions and presenting content of the application by the client device as well as a reference to third-party code. As users interact with the page on the client device, the user may interact with the page to add sensitive data for transmission to the application deployment system or receive sensitive data from the application deployment system. To detect and prevent inappropriate use by the third party code, messages relating to the third-party code is monitored for requests to send messages that contain information matching the user information. When there is a match, the message may be prevented from transmission or the application developer notified about the sensitive data request.

Abstract: A code testing system identifies code for an application as being related to publically-available code, and modifies testing for the application for the code segments corresponding to the publically-available code. The code testing system identifies code segments in the application and generates a signature of the code segment. The signature is matched against signatures for publically-available code, and code segments for the application that match the publically-available code are identified. The matching segments may be tested with different analysis than the code which does not match publically-available code and thus correspond to privately developed code by an application developer.

Abstract: A testing method and system for automatic Hypertext Transfer Protocol (HTTP) testing, the system including a memory configured to store sequences of user requests, a program store storing code for emulating a sequence of user requests, and at least one processor coupled to the program store and to the memory for executing the stored code, the code including instructions for generating an emulated request based on a request from a user sequence of requests, transmitting the emulated request to an application, receiving a response to the emulated request from the application, calculating an adapted emulated sequence based on validity of the received response, and instructing transmission of the adapted emulated sequence.

Abstract: A code deployment system deploys code to a set of application systems that execute the application, which may be across several tiers of systems that service requests related to the application. At each system, the application executes and is analyzed during execution to determine active code that is loaded by the application during execution, which may include dynamically-generated code. The active code is then analyzed using static analysis to determine security vulnerabilities and errors in the code that was loaded and operated at each application tier. The active code may also be associated with a specific use case or set of inputs that were applied to the application during the monitoring.

Abstract: An application deployment system provides one or pages of an application to a client device. The pages may specify application code for performing functions and presenting content of the application by the client device as well as a reference to third-party code. As users interact with the page on the client device, the user may interact with the page to add sensitive data for transmission to the application deployment system or receive sensitive data from the application deployment system. To detect and prevent inappropriate use by the third party code, messages relating to the third-party code is monitored for requests to send messages that contain information matching the user information. When there is a match, the message may be prevented from transmission or the application developer notified about the sensitive data request.

Abstract: A code testing system identifies code for an application as being related to publically-available code, and modifies testing for the application for the code segments corresponding to the publically-available code. The code testing system identifies code segments in the application and generates a signature of the code segment. The signature is matched against signatures for publically-available code, and code segments for the application that match the publically-available code are identified. The matching segments may be tested with different analysis than the code which does not match publically-available code and thus correspond to privately developed code by an application developer.

Abstract: A code deployment system deploys code to a set of application systems that execute the application, which may be across several tiers of systems that service requests related to the application. At each system, the application executes and is analyzed during execution to determine active code that is loaded by the application during execution, which may include dynamically-generated code. The active code is then analyzed using static analysis to determine security vulnerabilities and errors in the code that was loaded and operated at each application tier. The active code may also be associated with a specific use case or set of inputs that were applied to the application during the monitoring.

Abstract: A testing method and system for automatic Hypertext Transfer Protocol (HTTP) testing, the system including a memory configured to store sequences of user requests, a program store storing code for emulating a sequence of user requests, and at least one processor coupled to the program store and to the memory for executing the stored code, the code including instructions for generating an emulated request based on a request from a user sequence of requests, transmitting the emulated request to an application, receiving a response to the emulated request from the application, calculating an adapted emulated sequence based on validity of the received response, and instructing transmission of the adapted emulated sequence.

Abstract: A method of detecting correlated operations in a common storage. The method comprises providing at least one input operation, each the input operation being designated to write uniquely identifiable data on a memory unit of an application, monitoring a plurality of output operations of the application, each the output operation includes data read from the memory unit, comparing between the at least one input operation and the plurality of output operations to identify at least one matching group of input and output operations wherein each member of the at least one matching group has correlated written or read data in a common correlated target address in the memory unit, and outputting an indication of the at least one matching group.

Abstract: A method and a system for detecting one or more security vulnerabilities. The method comprises providing test instructions for an application, such as a web application or a client server application, adding test code to a code segment of the application according to the test instructions, sending at least one message to the application according to the test instructions at runtime thereof, monitoring test information pertaining to at least one reaction of the application to the at least one message during an execution of the test code, performing an analysis of the at least one reaction, and detecting a presence or an absence of at least one security vulnerability according to the analysis.

Abstract: A method and a system for detecting one or more security vulnerabilities. The method comprises providing test instructions for an application, such as a web application or a client server application, adding test code to a code segment of the application according to the test instructions, sending at least one message to the application according to the test instructions at runtime thereof, monitoring test information pertaining to at least one reaction of the application to the at least one message during an execution of the test code, performing an analysis of the at least one reaction, and detecting a presence or an absence of at least one security vulnerability according to the analysis.

Abstract: A method and a system for detecting one or more security vulnerabilities. The method comprises providing test instructions for an application, such as a web application or a client server application, adding test code to a code segment of the application according to the test instructions, sending at least one message to the application according to the test instructions at runtime thereof, monitoring test information pertaining to at least one reaction of the application to the at least one message during an execution of the test code, performing an analysis of the at least one reaction, and detecting a presence or an absence of at least one security vulnerability according to the analysis.

Abstract: A method and a system for detecting one or more security vulnerabilities. The method comprises providing test instructions for an application, such as a web application or a client server application, adding test code to a code segment of the application according to the test instructions, sending at least one message to the application according to the test instructions at runtime thereof, monitoring test information pertaining to at least one reaction of the application to the at least one message during an execution of the test code, performing an analysis of the at least one reaction, and detecting a presence or an absence of at least one security vulnerability according to the analysis.

Abstract: A method of detecting correlated operations in a common storage. The method comprises providing at least one input operation, each the input operation being designated to write uniquely identifiable data on a memory unit of an application, monitoring a plurality of output operations of the application, each the output operation includes data read from the memory unit, comparing between the at least one input operation and the plurality of output operations to identify at least one matching group of input and output operations wherein each member of the at least one matching group has correlated written or read data in a common correlated target address in the memory unit, and outputting an indication of the at least one matching group.