Patents by Inventor Evgeny BESKROVNY
Evgeny BESKROVNY has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11681696Abstract: Searching a service registry system including a plurality of services identified by respective service names, wherein at least some of said service names being associated with a set of client identifiers, includes receiving a search request, said request including a service name and a further set of client identifiers, searching, using a processor, the service registry system for a match between the requested service name and a service name of one of said services in the service registry system, and, in the absence of such a match, searching, using the processor, the service registry system for services that have an association with at least some of the client identifiers in said further set. A search result can be returned.Type: GrantFiled: November 16, 2017Date of Patent: June 20, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Patent number: 10936727Abstract: A method detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: GrantFiled: November 7, 2019Date of Patent: March 2, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
-
Patent number: 10878129Abstract: The disclosed embodiments include systems, methods, and computer readable media configured to classify graphical user interface items according to their exposure to security sensitive operations. The techniques described in the disclosed embodiments may be used to reduce the risk of application errors by disabling graphical user interface items. Thus, the techniques may be used to minimize the risk of system crashes caused by restricting application access to a certain resource. As a result, the disclosed embodiments improve usability of application running in a restricted mode.Type: GrantFiled: April 30, 2018Date of Patent: December 29, 2020Assignee: CyberArk Software Ltd.Inventor: Evgeny Beskrovny
-
Patent number: 10841327Abstract: Black-box security testing for a Web application includes identifying infrastructure supporting the Web application, obtaining vulnerability data for the Web application from an external data source according to the infrastructure, deriving a test payload from the vulnerability data using a processor, and determining a type of vulnerability exploited by the test payload. An existing validation operation of a testing system is selected for validating a response from the Web application to the test payload according to the type of vulnerability.Type: GrantFiled: September 19, 2012Date of Patent: November 17, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Evgeny Beskrovny, Omer Tripp
-
Patent number: 10785246Abstract: Black-box security testing for a Web application includes identifying infrastructure supporting the Web application, obtaining vulnerability data for the Web application from an external data source according to the infrastructure, deriving a test payload from the vulnerability data using a processor, and determining a type of vulnerability exploited by the test payload. An existing validation operation of a testing system is selected for validating a response from the Web application to the test payload according to the type of vulnerability.Type: GrantFiled: September 11, 2013Date of Patent: September 22, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Evgeny Beskrovny, Omer Tripp
-
Patent number: 10586049Abstract: A system for detecting a vulnerability in a Web service can include a processor configured to initiate executable operations including determining whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service and, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: GrantFiled: December 22, 2011Date of Patent: March 10, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
-
Publication number: 20200074087Abstract: A method detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: ApplicationFiled: November 7, 2019Publication date: March 5, 2020Inventors: YAIR AMIT, EVGENY BESKROVNY, OMER TRIPP
-
Patent number: 10579802Abstract: A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: GrantFiled: March 26, 2012Date of Patent: March 3, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
-
Patent number: 10542040Abstract: The present disclosure relates to an intelligent service (e.g., a smart home, a smart building, a smart car, etc.) based on a 5G communication technology and an IoT related technology. In accordance with an embodiment of the present disclosure, a method is provided for detecting, by a web server in a wireless communication system, a malicious code which is injected into the command stream of a widget miming on a web-based OS in a device. The method includes: analyzing the widget in the web server; determining at least one invariant condition constantly maintained and conserved while the widget is running, on the basis of a result of the analyzing; generating a metadata file including data satisfying the at least one invariant condition; and associating the metadata file with the widget and providing the widget in a state in which the associated metadata file is included in the widget.Type: GrantFiled: November 17, 2015Date of Patent: January 21, 2020Assignee: Samsung Electronics Co., Ltd.Inventors: Evgeny Beskrovny, Maya Maimon, Yaacov Hoch
-
Publication number: 20190392137Abstract: Disclosed embodiments include systems, methods, and computer-readable media for maintaining and accessing security metadata associated with a micro service. Aspects include generating security metadata associated with a micro service. The security metadata may be separate from an executable portion of the micro service and define a plurality of security attributes of the micro service. Examples of security attributes include a security grade level for the micro service, a security sensitive operation that the micro service is programmed to perform, a function classification for the micro service, and an idempotence property for the micro service, among others. Aspects also include accessing the security metadata, and determining, based on the security metadata, whether to perform a control action of various different types for the micro service.Type: ApplicationFiled: June 21, 2018Publication date: December 26, 2019Applicant: CyberArk Software Ltd.Inventor: Evgeny Beskrovny
-
Publication number: 20190347407Abstract: The disclosed embodiments include systems, methods, and computer-readable media configured to detect client-side exploits. The techniques described in the disclosed embodiments may be used to minimize the attack surface of the client devices. Thus, the techniques may be used to reduce injection-type cyberattacks on client devices by detecting anomalies occurring in the client devices. As a result, the disclosed embodiments reduce the vulnerabilities and weaknesses associated with web applications and other client applications.Type: ApplicationFiled: May 9, 2018Publication date: November 14, 2019Applicant: CyberArk Software Ltd.Inventor: Evgeny BESKROVNY
-
Publication number: 20190332788Abstract: The disclosed embodiments include systems, methods, and computer readable media configured to classify graphical user interface items according to their exposure to security sensitive operations. The techniques described in the disclosed embodiments may be used to reduce the risk of application errors by disabling graphical user interface items. Thus, the techniques may be used to minimize the risk of system crashes caused by restricting application access to a certain resource. As a result, the disclosed embodiments improve usability of application running in a restricted mode.Type: ApplicationFiled: April 30, 2018Publication date: October 31, 2019Applicant: CyberArk Software Ltd.Inventor: Evgeny Beskrovny
-
Patent number: 10310956Abstract: A technique for synthesizing tests from a Web service document includes locating at least one parameter for at least one client to server function call in a Web service document. Client validation constraints for the at least one parameter are discovered. Server validation constraints for the at least one parameter in the Web service document are discovered. At least one range for the at least one parameter that will be accepted by the server and not be accepted by the client is discovered. Tests using parameter values from the discovered at least one range are synthesized.Type: GrantFiled: January 23, 2014Date of Patent: June 4, 2019Assignee: International Business Machines CorporationInventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Patent number: 10275238Abstract: A hybrid program analysis method includes initiating a static program analysis of an application, generating, by a static program analyzer, a query to a dynamic program analyzer upon determining a code construct of the application requiring dynamic analysis, resolving, by the dynamic program analyzer, the query into a set of arguments with which to invoke the code construct of the application, generating, by the dynamic program analyzer, the set of arguments, invoking, by the dynamic program analyzer, the code construct of the application using set of arguments, answering, by the dynamic program analyzer, the query, and continuing the static program analysis of the application.Type: GrantFiled: November 8, 2012Date of Patent: April 30, 2019Assignee: International Business Machines CorporationInventors: Evgeny Beskrovny, Marco Pistoia, Omer Tripp
-
Patent number: 10178146Abstract: A method, system, and/or computer program product invokes a web service in a software application. A software application comprises a machine readable description of a functionality to be supported by a web service to be invoked, and a machine readable description of an execution instruction for the web service to be invoked. One or more processors determine/identify a web service that supports the functionality to be supported and the execution instruction for the web service to be invoked.Type: GrantFiled: November 27, 2013Date of Patent: January 8, 2019Assignee: International Business Machines CorporationInventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Publication number: 20180075094Abstract: Searching a service registry system including a plurality of services identified by respective service names, wherein at least some of said service names being associated with a set of client identifiers, includes receiving a search request, said request including a service name and a further set of client identifiers, searching, using a processor, the service registry system for a match between the requested service name and a service name of one of said services in the service registry system, and, in the absence of such a match, searching, using the processor, the service registry system for services that have an association with at least some of the client identifiers in said further set. A search result can be returned.Type: ApplicationFiled: November 16, 2017Publication date: March 15, 2018Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Patent number: 9898503Abstract: Searching a service registry system including a plurality of services identified by respective service names, wherein at least some of said service names being associated with a set of client identifiers, includes receiving a search request, said request including a service name and a further set of client identifiers, searching, using a processor, the service registry system for a match between the requested service name and a service name of one of said services in the service registry system, and, in the absence of such a match, searching, using the processor, the service registry system for services that have an association with at least some of the client identifiers in said further set. A search result can be returned.Type: GrantFiled: June 18, 2013Date of Patent: February 20, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Publication number: 20170357804Abstract: The present disclosure relates to a communication technique for fusing a 5G communication system for supporting a high data transmission rate after a 4G system with the IoT technology, and a system thereof. The present disclosure can be applied to an intelligent service (e.g., a smart home, a smart building, a smart city, a smart car or connected car, healthcare, digital education, retail business, security and safety related service, etc.) based on the 5G communication technology and the IoT related technology. In accordance with an embodiment of the present disclosure, a method for detecting a malicious code which is injected into the command stream of a widget miming on a web-based OS in a device by a web server in a wireless communication system is provided.Type: ApplicationFiled: November 17, 2015Publication date: December 14, 2017Applicant: Samsung Electronics Co., Ltd.Inventors: Evgeny BESKROVNY, Maya MAIMON, Yaacov HOCH
-
Patent number: 9830253Abstract: Testing computer software applications includes comparing multiple execution paths associated with multiple interactions performed with a computer software application during execution of the computer software application in order to determine which of the execution paths are similar in accordance with a predefined similarity criterion, identifying a subset of the interactions whose associated execution paths are similar in accordance with the predefined similarity criterion, and performing fewer than all of the interactions in the subset with the computer software application during execution of the computer software application.Type: GrantFiled: September 27, 2013Date of Patent: November 28, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Evgeny Beskrovny, Omer Tripp
-
Patent number: 9678859Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.Type: GrantFiled: August 24, 2016Date of Patent: June 13, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Evgeny Beskrovny, Omer Tripp