Patents by Inventor Evgeny BESKROVNY

Evgeny BESKROVNY has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9658950
    Abstract: Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: May 23, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Evgeny Beskrovny, Bertrand Cormier, Jerome Gout, Omer Tripp, Emmanuel Wurth
  • Patent number: 9582497
    Abstract: Providing context in functional testing of web services. Methods of a web service are categorized into predefined categories defining interaction flows on the web, based on a semantic analysis of the names of the web methods. For each categorized web method, a testing context for the web method is created according to its category in the form of a sequence of one or more other methods of the web service that provide an appropriate context for testing the web method.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: February 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
  • Patent number: 9560013
    Abstract: A system for preventing malicious attacks on a device in a Smart Home network comprises logical circuitry suitable to compare information flows in said network with legal information flows stored in memory means.
    Type: Grant
    Filed: November 4, 2014
    Date of Patent: January 31, 2017
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Evgeny Beskrovny, Yaacov Hoch
  • Publication number: 20160350210
    Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
    Type: Application
    Filed: August 24, 2016
    Publication date: December 1, 2016
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Publication number: 20160342504
    Abstract: Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity.
    Type: Application
    Filed: August 1, 2016
    Publication date: November 24, 2016
    Inventors: Evgeny Beskrovny, Bertrand Cormier, Jerome Gout, Omer Tripp, Emmanuel Wurth
  • Patent number: 9459993
    Abstract: Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity.
    Type: Grant
    Filed: April 24, 2013
    Date of Patent: October 4, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Evgeny Beskrovny, Bertrand Cormier, Jerome Gout, Omer Tripp, Emmanuel Wurth
  • Patent number: 9442829
    Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: September 13, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Patent number: 9398041
    Abstract: A computer identifies each web method, of a web service, declared in a web services description language (WSDL) file. The computer adds a node within a directed graph for each web method identified. The computer identifies pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods and an input parameter of another one of the web methods. The computer adds an edge within the directed graph for each of the pairs of web methods identified. The computer generates one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences includes at least one of the pairs of web methods identified. The computer tests each of the one or more sequences of web methods to identify stored vulnerabilities in the web service.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: July 19, 2016
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
  • Patent number: 9390269
    Abstract: Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: July 12, 2016
    Assignee: GLOBALFOUNDRIES INC.
    Inventors: Evgeny Beskrovny, Alexander Landa, Omer Tripp
  • Patent number: 9390270
    Abstract: Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: July 12, 2016
    Assignee: GLOBALFOUNDRIES INC.
    Inventors: Evgeny Beskrovny, Alexander Landa, Omer Tripp
  • Publication number: 20160170865
    Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
    Type: Application
    Filed: March 4, 2016
    Publication date: June 16, 2016
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Publication number: 20160142437
    Abstract: A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device is disclosed. The method requires (a) analyzing the widget at an App-Store to determine first invariant data; (b) recording within a metadata file first invariant data; (c) associating said metadata file with said widget, and supplying said widget within a user device; (d) upon running said widget, activating a monitoring module, analyzing the running widget and determining by said module a second invariants data, and comparing respectively said second determined invariant data with said first determined invariants data; and (e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.
    Type: Application
    Filed: November 17, 2014
    Publication date: May 19, 2016
    Inventors: Evgeny BESKROVNY, Yaacov HOCH, Maya MAIMON
  • Publication number: 20160127315
    Abstract: A system for preventing malicious attacks on a device in a Smart Home network comprises logical circuitry suitable to compare information flows in said network with legal information flows stored in memory means.
    Type: Application
    Filed: November 4, 2014
    Publication date: May 5, 2016
    Inventors: Evgeny BESKROVNY, Yaacov HOCH
  • Publication number: 20160127412
    Abstract: A method for detecting a malicious code injected into the command stream of a widget running by a web-based OS at a device. The method is multi-stepped. Introducing by an App-Store hooks to within the command stream of the widget. Running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file. Associating said metadata file with said widget, and supplying said widget, and associated metadata file to within a user device. Upon running said widget by a web based OS at said user device, activating a monitoring module, determining durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations. And issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively.
    Type: Application
    Filed: November 5, 2014
    Publication date: May 5, 2016
    Inventors: Evgeny BESKROVNY, Yaacov HOCH
  • Patent number: 9323649
    Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: April 26, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Publication number: 20160011951
    Abstract: A technique for synthesizing tests from a Web service document includes locating at least one parameter for at least one client to server function call in a Web service document. Client validation constraints for the at least one parameter are discovered. Server validation constraints for the at least one parameter in the Web service document are discovered. At least one range for the at least one parameter that will be accepted by the server and not be accepted by the client is discovered. Tests using parameter values from the discovered at least one range are synthesized.
    Type: Application
    Filed: January 23, 2014
    Publication date: January 14, 2016
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: EVGENY BESKROVNY, OMER TRIPP, EMMANUEL WURTH
  • Publication number: 20160012039
    Abstract: Providing context in functional testing of web services. Methods of a web service are categorized into predefined categories defining interaction flows on the web, based on a semantic analysis of the names of the web methods. For each categorized web method, a testing context for the web method is created according to its category in the form of a sequence of one or more other methods of the web service that provide an appropriate context for testing the web method.
    Type: Application
    Filed: January 23, 2014
    Publication date: January 14, 2016
    Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
  • Patent number: 9177155
    Abstract: Arrangements described herein relate to analyzing vulnerable information flows in an application. A black-box scan of the application can be performed to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan. For each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis can be performed to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink. A security report can be generated identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: November 3, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Evgeny Beskrovny, Adi Sharabani, Omer Tripp
  • Patent number: 9158848
    Abstract: A method, computer program product, and computer system for analyzing, by a computing device, client-side code of a web component. An input constraint of the web component is identified based upon, at least in part, analyzing the client-side code of the web component. One or more input values within the input constraint are generated based upon, at least in part, the input constraint.
    Type: Grant
    Filed: February 11, 2013
    Date of Patent: October 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Salvatore Angelo Guamieri, Marco Pistoia, Omer Tripp
  • Patent number: 9135153
    Abstract: Testing a computer software application by configuring a first computer to execute a copy of data-checking software used by a computer software application at a second computer, processing a first copy of a test data payload using the data-checking software at the first computer, where the test data payload is configured to test for an associated security vulnerability, determining that the first copy of the test data payload is endorsed by the data-checking software at the first computer for further processing, and sending a second copy of the test data payload via a computer network to the computer software application at the second computer for processing thereat.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: September 15, 2015
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Alexander Landa, Omer Tripp