Abstract: A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.

Abstract: A method for testing a software application program (22) includes storing in a vulnerability database records of security vulnerabilities identified in execution of the program. Each record includes a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred. Upon detecting a further security vulnerability at a given location in a subsequent execution of the program, a new signature of the given location is computed and compared to the location field of the records in the database. When no record is found to match the new signature, an indication is output to a developer of the program of an occurrence of a new security vulnerability.

Abstract: A computer program is evaluated for security vulnerabilities by formulating a query in a query language and receiving into a memory of a computer source code of the computer program to be analyzed, preparing a data flow graph from the source code, and determining that the query is satisfied by an analysis of the data flow graph. Alternatively, the computer program is evaluated by collecting runtime events during an execution of binary code and determining that the query is satisfied by an analysis of the runtime events. In either case a security vulnerability is reported.

Abstract: A method for testing a software application program includes recording a sequence of functional tests that are applied to the program and automatically identifying and collapsing sessions within the recorded functional tests. Modified tests are created by replacing parameters in the collapsed sessions with malicious inputs. The modified tests are applied to the program in order to detect security vulnerabilities in the program.

Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.

Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.

Abstract: A method for software code analysis includes automatically processing a body of software source code (23) by a computer (22) in order to identify a group of sequences of instructions that are characterized by a common pattern. A sequence within the group containing a deviation from a norm of the common pattern is found and reported as a potential vulnerability in the software source code.

Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.

Abstract: A method for software code analysis includes automatically processing a body of software source code (23) by a computer (22) in order to identify a group of sequences of instructions that are characterized by a common pattern. A sequence within the group containing a deviation from a norm of the common pattern is found and reported as a potential vulnerability in the software source code.

Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.

Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.