Patents by Inventor Evgeny BESKROVNY
Evgeny BESKROVNY has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9658950
Abstract: Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity.
Type: Grant
Filed: August 1, 2016
Date of Patent: May 23, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Evgeny Beskrovny, Bertrand Cormier, Jerome Gout, Omer Tripp, Emmanuel Wurth
-
Patent number: 9582497
Abstract: Providing context in functional testing of web services. Methods of a web service are categorized into predefined categories defining interaction flows on the web, based on a semantic analysis of the names of the web methods. For each categorized web method, a testing context for the web method is created according to its category in the form of a sequence of one or more other methods of the web service that provide an appropriate context for testing the web method.
Type: Grant
Filed: January 23, 2014
Date of Patent: February 28, 2017
Assignee: International Business Machines Corporation
Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Patent number: 9560013
Abstract: A system for preventing malicious attacks on a device in a Smart Home network comprises logical circuitry suitable to compare information flows in said network with legal information flows stored in memory means.
Type: Grant
Filed: November 4, 2014
Date of Patent: January 31, 2017
Assignee: Samsung Electronics Co., Ltd.
Inventors: Evgeny Beskrovny, Yaacov Hoch
-
Publication number: 20160350210
Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
Type: Application
Filed: August 24, 2016
Publication date: December 1, 2016
Inventors: Evgeny Beskrovny, Omer Tripp
-
Publication number: 20160342504
Abstract: Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity.
Type: Application
Filed: August 1, 2016
Publication date: November 24, 2016
Inventors: Evgeny Beskrovny, Bertrand Cormier, Jerome Gout, Omer Tripp, Emmanuel Wurth
-
Patent number: 9459993
Abstract: Performance testing of web components using identity information includes providing a web component for testing having business logic code and an associated authorization layer code, locating, using a processor, branches in the authorization layer code and the business logic code which are dependent on identity information, and creating, using the processor, symbolic identities with claims or attributes having values corresponding to the branch options of the located branches. The method also includes propagating the symbolic identities downstream from the branch locations through the authorization layer code and the business logic code and analyzing, using the processor, the performance of each symbolic identity.
Type: Grant
Filed: April 24, 2013
Date of Patent: October 4, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Evgeny Beskrovny, Bertrand Cormier, Jerome Gout, Omer Tripp, Emmanuel Wurth
-
Patent number: 9442829
Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
Type: Grant
Filed: March 4, 2016
Date of Patent: September 13, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Evgeny Beskrovny, Omer Tripp
-
Patent number: 9398041
Abstract: A computer identifies each web method, of a web service, declared in a web services description language (WSDL) file. The computer adds a node within a directed graph for each web method identified. The computer identifies pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods and an input parameter of another one of the web methods. The computer adds an edge within the directed graph for each of the pairs of web methods identified. The computer generates one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences includes at least one of the pairs of web methods identified. The computer tests each of the one or more sequences of web methods to identify stored vulnerabilities in the web service.
Type: Grant
Filed: March 12, 2013
Date of Patent: July 19, 2016
Assignee: International Business Machines Corporation
Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Patent number: 9390269
Abstract: Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
Type: Grant
Filed: September 30, 2013
Date of Patent: July 12, 2016
Assignee: GLOBALFOUNDRIES INC.
Inventors: Evgeny Beskrovny, Alexander Landa, Omer Tripp
-
Patent number: 9390270
Abstract: Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
Type: Grant
Filed: June 3, 2014
Date of Patent: July 12, 2016
Assignee: GLOBALFOUNDRIES INC.
Inventors: Evgeny Beskrovny, Alexander Landa, Omer Tripp
-
Publication number: 20160170865
Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
Type: Application
Filed: March 4, 2016
Publication date: June 16, 2016
Inventors: Evgeny Beskrovny, Omer Tripp
-
Publication number: 20160142437
Abstract: A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device is disclosed. The method requires (a) analyzing the widget at an App-Store to determine first invariant data; (b) recording within a metadata file first invariant data; (c) associating said metadata file with said widget, and supplying said widget within a user device; (d) upon running said widget, activating a monitoring module, analyzing the running widget and determining by said module a second invariants data, and comparing respectively said second determined invariant data with said first determined invariants data; and (e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.
Type: Application
Filed: November 17, 2014
Publication date: May 19, 2016
Inventors: Evgeny BESKROVNY, Yaacov HOCH, Maya MAIMON
-
Publication number: 20160127315
Abstract: A system for preventing malicious attacks on a device in a Smart Home network comprises logical circuitry suitable to compare information flows in said network with legal information flows stored in memory means.
Type: Application
Filed: November 4, 2014
Publication date: May 5, 2016
Inventors: Evgeny BESKROVNY, Yaacov HOCH
-
Publication number: 20160127412
Abstract: A method for detecting a malicious code injected into the command stream of a widget running by a web-based OS at a device. The method is multi-stepped. Introducing by an App-Store hooks to within the command stream of the widget. Running at the App-Store the widget on an App-Store device, measuring respective time durations between various hooks, and recording said time durations within a metadata file. Associating said metadata file with said widget, and supplying said widget, and associated metadata file to within a user device. Upon running said widget by a web based OS at said user device, activating a monitoring module, determining durations between said introduced hooks, and comparing respectively said determined time durations with said measured time durations. And issuing an alert upon detection of a variation above a predefined value between any of said determined durations and said measured durations respectively.
Type: Application
Filed: November 5, 2014
Publication date: May 5, 2016
Inventors: Evgeny BESKROVNY, Yaacov HOCH
-
Patent number: 9323649
Abstract: Detecting error states when interacting with web applications is performed by accessing a first web page of a web application, determining that the first web page includes an input validation operation, configuring an input to cause the input validation operation to effect an error state, providing the input to the first web page, thereby effecting the error state, identifying a feature that is absent from the first web page before the input is provided to the first web page and present in the first web page after the input is provided to the first web page, and detecting that a second web page of the web application is in an error state if the feature is present in the second web page.
Type: Grant
Filed: September 30, 2013
Date of Patent: April 26, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Evgeny Beskrovny, Omer Tripp
-
Publication number: 20160011951
Abstract: A technique for synthesizing tests from a Web service document includes locating at least one parameter for at least one client to server function call in a Web service document. Client validation constraints for the at least one parameter are discovered. Server validation constraints for the at least one parameter in the Web service document are discovered. At least one range for the at least one parameter that will be accepted by the server and not be accepted by the client is discovered. Tests using parameter values from the discovered at least one range are synthesized.
Type: Application
Filed: January 23, 2014
Publication date: January 14, 2016
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: EVGENY BESKROVNY, OMER TRIPP, EMMANUEL WURTH
-
Publication number: 20160012039
Abstract: Providing context in functional testing of web services. Methods of a web service are categorized into predefined categories defining interaction flows on the web, based on a semantic analysis of the names of the web methods. For each categorized web method, a testing context for the web method is created according to its category in the form of a sequence of one or more other methods of the web service that provide an appropriate context for testing the web method.
Type: Application
Filed: January 23, 2014
Publication date: January 14, 2016
Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
-
Patent number: 9177155
Abstract: Arrangements described herein relate to analyzing vulnerable information flows in an application. A black-box scan of the application can be performed to record a call-tree representation of call stacks arising in the application due to test inputs provided during the black-box scan. For each path in the call-tree representation that does not constitute a vulnerable information flow during the black-box scan, a static analysis can be performed to determine at least one parameter value that, when abstracted, drives execution of the application, via the path, to flow to the at least one security sink. A security report can be generated identifying at least one of the paths in the call-tree representation that does not constitute the vulnerable information flow during the black-box scan, but flows to the at least one security sink when the at least one parameter value is abstracted.
Type: Grant
Filed: September 13, 2013
Date of Patent: November 3, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Evgeny Beskrovny, Adi Sharabani, Omer Tripp
-
Patent number: 9158848
Abstract: A method, computer program product, and computer system for analyzing, by a computing device, client-side code of a web component. An input constraint of the web component is identified based upon, at least in part, analyzing the client-side code of the web component. One or more input values within the input constraint are generated based upon, at least in part, the input constraint.
Type: Grant
Filed: February 11, 2013
Date of Patent: October 13, 2015
Assignee: International Business Machines Corporation
Inventors: Evgeny Beskrovny, Salvatore Angelo Guamieri, Marco Pistoia, Omer Tripp
-
Patent number: 9135153
Abstract: Testing a computer software application by configuring a first computer to execute a copy of data-checking software used by a computer software application at a second computer, processing a first copy of a test data payload using the data-checking software at the first computer, where the test data payload is configured to test for an associated security vulnerability, determining that the first copy of the test data payload is endorsed by the data-checking software at the first computer for further processing, and sending a second copy of the test data payload via a computer network to the computer software application at the second computer for processing threat.
Type: Grant
Filed: March 18, 2014
Date of Patent: September 15, 2015
Assignee: International Business Machines Corporation
Inventors: Evgeny Beskrovny, Alexander Landa, Omer Tripp