Abstract: A system and method for monitoring and protecting sensitive data that includes identifying sensitive data and statically tracking sensitive data using data flow analysis across a code base, monitoring flow of the data during application runtime, and responding to vulnerabilities according to a sensitive data characterization of the data. Identifying sensitive data includes processing a semantic description of the data in the application code and characterizing the sensitive data. Monitoring flow of the data includes: identifying and characterizing sensitive data through data usage, updating the characterization for the sensitive data through data usage, and enforcing security measures on the data according to the sensitive data characterization of the data.

Abstract: A method and system for security flow analysis of application code comprising: detecting data flows in a code base; and extracting an information flow, comprising determining a primary data flow by identifying a data flow that contains exposed data, and extending the primary data flow through descriptor data flows, wherein the descriptor data flows are associated with the set of data tracked by the primary data flow; wherein the information flow is a high level flow description that exposes the application code vulnerabilities based on the primary data flow and all associated descriptor data flows.

Abstract: A method and system for security flow analysis of application code comprising: detecting data flows in a code base; and extracting an information flow, comprising determining a primary data flow by identifying a data flow that contains exposed data, and extending the primary data flow through descriptor data flows, wherein the descriptor data flows are associated with the set of data tracked by the primary data flow; wherein the information flow is a high level flow description that exposes the application code vulnerabilities based on the primary data flow and all associated descriptor data flows.

Abstract: A system and method for application security profiling that includes extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code profile, comprising of identifying sections of interest within the code base.

Abstract: A method and system for security flow analysis of application code comprising: detecting data flows in a code base; and extracting an information flow, comprising determining a primary data flow by identifying a data flow that contains exposed data, and extending the primary data flow through descriptor data flows, wherein the descriptor data flows are associated with the set of data tracked by the primary data flow; wherein the information flow is a high level flow description that exposes the application code vulnerabilities based on the primary data flow and all associated descriptor data flows.

Abstract: A system and method for application security profiling that includes extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code profile, comprising of identifying sections of interest within the code base.

Abstract: A system and method for monitoring and protecting sensitive data that includes identifying sensitive data and statically tracking sensitive data using data flow analysis across a code base, monitoring flow of the data during application runtime, and responding to vulnerabilities according to a sensitive data characterization of the data. Identifying sensitive data includes processing a semantic description of the data in the application code and characterizing the sensitive data. Monitoring flow of the data includes: identifying and characterizing sensitive data through data usage, updating the characterization for the sensitive data through data usage, and enforcing security measures on the data according to the sensitive data characterization of the data.

Abstract: A system and method for monitoring and protecting sensitive data that includes identifying sensitive data and statically tracking sensitive data using data flow analysis across a code base, monitoring flow of the data during application runtime, and responding to vulnerabilities according to a sensitive data characterization of the data. Identifying sensitive data includes processing a semantic description of the data in the application code and characterizing the sensitive data. Monitoring flow of the data includes: identifying and characterizing sensitive data through data usage, updating the characterization for the sensitive data through data usage, and enforcing security measures on the data according to the sensitive data characterization of the data.

Abstract: A system and method for application security profiling that includes extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code profile, comprising of identifying sections of interest within the code base.

Abstract: A system and method for application security profiling that includes extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code profile, comprising of identifying sections of interest within the code base.

Abstract: A method and system for security flow analysis of application code comprising: detecting data flows in a code base; and extracting an information flow, comprising determining a primary data flow by identifying a data flow that contains exposed data, and extending the primary data flow through descriptor data flows, wherein the descriptor data flows are associated with the set of data tracked by the primary data flow; wherein the information flow is a high level flow description that exposes the application code vulnerabilities based on the primary data flow and all associated descriptor data flows.

Abstract: A system and method for monitoring and protecting sensitive data that includes identifying sensitive data and statically tracking sensitive data using data flow analysis across a code base, monitoring flow of the data during application runtime, and responding to vulnerabilities according to a sensitive data characterization of the data. Identifying sensitive data includes processing a semantic description of the data in the application code and characterizing the sensitive data. Monitoring flow of the data includes: identifying and characterizing sensitive data through data usage, updating the characterization for the sensitive data through data usage, and enforcing security measures on the data according to the sensitive data characterization of the data.

Abstract: A system and method for application security profiling that includes extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code profile, comprising of identifying sections of interest within the code base.