Abstract: A method of security testing a web application is presented. The method identifies a web application to be tested, determines potential security vulnerabilities of the web application, generates one or more security tests for testing the potential vulnerabilities, and executes the security test on the web application. The results of the security testing are then used to make the web application less vulnerable to security attacks.

Abstract: A system and method protects security of data. The data is packaged together with one or more permissions that designate what actions are allowed with respect to the data. The package can be opened when there is approval for doing so and the allowed permissions are maintained. The data is stored within a vault and there are a number of available security procedures that prevent the unauthorized access of the data.

Abstract: A computer determines whether a proposed mathematical model and computational requests made upon the model are well posed. The computer includes a program that determines whether the model is consistent and suggests at least one alternative consistent model if the proposed model is inconsistent. The program also determines whether a computational request is allowable and suggests at least one alternative allowable computational request if an initial computational request is unallowable.

Abstract: The present invention provides a method of testing Web Services as software components. The present invention provides a method by which a Web Service is located on a remote system. After the Web Service has been located, tests are generated for exercising the various methods of the Web Service. The tests are run, exercising the Web Service, and the results are made available to verify the performance of the Web Service.

Abstract: A System for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers (81, 82, 83, 84) for accessing data in a data storage device. The first device driver detects an I/O request, and determines whether the first device driver is functionally uppermost in the layered plurality of device drivers. If the first device driver is functionally uppermost in the layered plurality of device drivers, the method performs the I/O request (80) in the first device driver. If the device driver is not functionally uppermost in the layered plurality of device drivers, the method denies the I/O request in the first device driver, and allows the I/O request to be performed by the next lowest-level driver in the layered plurality of device drivers.

Abstract: A registry monitoring method particularly applicable to a system (100) in which protected data is transmitted to a recipient computer. The method comprises requesting a handle for a registry key to a calling process, requesting a registry key value for the handle, modifying and deleting keys and values of protected data locations, and obtaining security clearance to complete the requests by checking secured process lists and rejection lists. Also included are a registry monitoring system, a secured data transmission system including registry monitorings, a machine-readable medium comprising a program to monitor a registry (110), and a computer configured to monitor a registry (110).

Abstract: A system and method for communicating a package of information. The system comprises a machine readable medium having information packaging software that generates a computer executable file (FIG. 1, 14) comprising a package of information. The packet information comprises the file of data and encryption software. The system communicates the package of information over a network (FIG. 1, 16) that is in communication with a machine readable medium. A client computer system (FIG. 1, 17) in communication with the network is adapted to receive the package of information and execute the computer executable. The computer system has a client permissions database (FIG. 1, 20) and a vault adapted to receive the package of information.

Abstract: A system for testing middleware of applications in the N-tiered model. The test system contains test code generators, test engines to execute multiple copies of the test code and a data analyzer to analyze and present the results to a human user. The system is able to automatically generate test code to exercise components of the middleware using information about these components that would otherwise be available to the application under test. Multiple copies of the test code are executed in a synchronized fashion. Execution times of multiple events are recorded and then presented in one of several formats. With the system, an application developer can identify components that represent performance bottlenecks or can gather information on deployment properties of individual components that can be used to enhance the performance of the application under test.

Abstract: A system for remotely testing middleware of applications in the N-tiered model across a network. The test system contains test code generators, test engines to execute multiple copies of the test code and a data analyzer to analyze and present the results to a human user. The system is able to automatically generate test code to exercise remotely located components of the middleware using information about these components that would otherwise be available to the application under test. Multiple copies of the test code are executed in a synchronized fashion. Execution times of multiple events are recorded and then presented in one of several formats. By use of the system, an application developer can receive test results about components that represent performance bottlenecks or can be made aware of information on deployment properties of individual components that can be used to enhance the performance of the application under test.

Abstract: A method for providing data security in a device driver for accessing data. The device driver detects a file system request, completes the file system request, and receives return information from the file system request. The device driver further determines whether the file system request is for a tag file associated with a secured file; and if so, modifies the return information to reflect a file attribute of the secured file.

Abstract: A system for testing middleware of applications in the N-tiered model. The test system contains test code generators, test engines to execute multiple copies of the test code and a data analyzer to analyze and present the results to a human user. The system is able to automatically generate test code to exercise components of the middleware using information about these components that would otherwise be available to the application under test. Multiple copies of the test code are executed in a synchronized fashion. Execution times of multiple events are recorded and then presented in one of several formats. With the system, an application developer can identify components that represent performance bottlenecks or can gather information on deployment properties of individual components that can be used to enhance the performance of the application under test.

Abstract: A system that provides easy testing of software objects and reduces the burden on a program developer for maintaining a test system is presented. The system accepts as an input objects and automatically creates test drivers for these objects. The test objects are provided to a test bed comprising an application server where the objects are tested by application of the test drivers. In a preferred embodiment, the test bed comprises a collection of application servers. An application service provider provides the system test driver and the test bed. Access to the test system is provided by passing a representing of the object under test to the application service provided through a network interface. The application service provider provides test services on a fee for service basis.

Abstract: The present invention to provide correctly ordered test code in order to effectively test software designs. There are software diagramming tools on the market today that capture software designs in a standard meta-language (UML). This software provides sequence diagrams that relate to the software component being analyzed. The UML sequence diagrams expose enough semantic content to allow the generation of test code correctly ordered. Since all of the objects are modeled consistently, the data requirements of the software component can also be determined. As a result, the generated test code is correctly ordered, thereby providing a more accurate, useful and real-world testing environment of the software component.

Abstract: A file system security driver and vault method and system particularly applicable to a system in which protected data is segregated from other data, which allows for back-channeling of file data in order to ensure that files created by applications using secured data do not cause data leaks of secure data. In a preferred embodiment, a file system security driver is a driver resident on the kernel level which monitors file system requests and allows limited access to files resident on the vault and creation of files within the vault when necessary.

Abstract: A system for testing middleware of applications in the N-tiered model. The test system contains test code generators, test engines to execute multiple copies of the test code and a data analyzer to analyze and present the results to a human user. The system is able to automatically generate test code to exercise components of the middleware using information about these components that would otherwise be available to the application under test. Multiple copies of the test code are executed in a synchronized fashion. Execution times of multiple events are recorded and then presented in one of several formats. With the system, an application developer can identify components that represent performance bottlenecks or can gather information on deployment properties of individual components that can be used to enhance the performance of the application under test.

Abstract: A method of security testing a web application is presented. The method identifies a web application to be tested, determines potential security vulnerabilities of the web application, generates one or more security tests for testing the potential vulnerabilities, and executes the security test on the web application. The results of the security testing are then used to make the web application less vulnerable to security attacks.

Abstract: A shared memory blocking method and particularly applicable to a system in which protected data is transmitted to a recipient computer. The method comprises reserving a memory page for a requesting application, committing a memory page to the requesting application's address space, which call may be made by the process providing the page reserve call or by a subsequent process, and providing security checks to complete the requests. The security checks include determining whether the process is secured by consulting a secured process list and determining whether the page is shared by consulting a shared memory list. Further disclosed are a computer readable medium and computer programmed to block shared memory, shared memory blocking system and secured data transmission system.

Abstract: The present invention provides a method of testing Web Services as software components. The present invention provides a method by which a Web Service is located on a remote system. After the Web Service has been located, tests are generated for exercising the various methods of the Web Service. The tests are run, exercising the Web Service, and the results are made available to verify the performance of the Web Service.

Abstract: The present invention to provide correctly ordered test code in order to effectively test software designs. There are software diagramming tools on the market today that capture software designs in a standard meta-language (UML). This software provides sequence diagrams that relate to the software component being analyzed. The UML sequence diagrams expose enough semantic content to allow the generation of test code correctly ordered. Since all of the objects are modeled consistently, the data requirements of the software component can also be determined. As a result, the generated test code is correctly ordered, thereby providing a more accurate, useful and real-world testing environment of the software component.

Abstract: A method and apparatus are provided that enhance file system calls to a file system structure of an operating system. In particular, file system calls can be enhanced to provide real-time secure file deletion on an ongoing basis. A file system call that is intended to perform a function with respect to data stored on a storage device is intercepted. It is then determined whether the file system call is of a type that should be processed. If not, the original file system call is passed on through the file system. If the file system call should be processed, supplemental processing is performed to enhance the original file system call and the file system call is transparently returned to the calling system application. In embodiment, real-time secure file deletion is implemented using a vendor supplied driver (VSD) executing within the installable file system (IFS) of WINDOWS 95. Further, a method and system are disclosed for real-time secure data deletion in a system having an NTFS file system.