Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: A computer-implemented method and/or computer program product selectively assigns a task using a hybrid task assignment process. One or more processors direct a working hardware node in a network to crawl a particular application, thus causing the working hardware node to encounter a task in the particular application. The processor(s) selectively handle the task according to whether the task is reserved for dynamic assignment to an other hardware node in the network, such that in response to a determination that the task encountered is not reserved, the task is handled by the working hardware node that is crawling the particular application, and in response to a determination that the task encountered is reserved, the task encountered is sent to a central unit for dynamic assignment to the other hardware node in the network.

Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: A computer-implemented method for hybrid task assignment is presented. A working hardware node crawls a particular application and encounters a task. A mapping function is used to determine whether the task encountered is reserved. In response to a determination the task encountered is not reserved, the task is handled by the working node, and in response to a determination the task encountered is reserved, the task encountered is sent to a central unit. A determination is made as to whether the working node is idle. In response to a determination the working node is idle, another task is requested from the central unit by the working node. In response to a determination the working node is not idle, as determination is made as to whether all tasks are complete. In response to a determination all tasks are not complete, the task is handled by the working node.

Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.

Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.

Abstract: An embodiment for tracking JavaScript actions in a rich Internet application, receives a document object model (DOM) representative of a particular page of an application at a particular time and analyzes the DOM received to identify each JavaScript action on the particular page for which each JavaScript action identified, a JavaScript action characteristics ID is calculated and stored. Responsive to a determination multiple instances of a same ID exist, collecting a list of JavaScript actions corresponding to each ID corresponding to a multiple JavaScript action and removing from memory JavaScript action entries for the multiple instances of the same ID. A neighbor influence is computed for a member of the list of JavaScript actions remaining and the JavaScript action ID calculated for the member of the list of JavaScript actions remaining is stored. Responsive to a determination there are no more multiple JavaScript actions, return all JavaScript action IDs stored.

Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.

Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.

Abstract: An attack upon a web interface is detected in real-time. The web interface is one of many web interfaces across many ports across many computer systems within a network. Data on the attack is gathered. The attack data includes traffic data. Variants of the attack are determined based on data of the attack. The variants are selected from a predetermined set of attack variants. The attacked interface is scanned with the selected attack variants. The web interface is identified as vulnerable to at least one variant of the attack. In response to this identification, the attack is responded to without human intervention.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.

Abstract: Technical solutions are described for testing a computer program product. An example method includes intercepting an instance of a request sent for execution by the computer program product, the request being one from a plurality of requests in a sequential flow. The method also includes storing a unique identifier for the request, and initializing a current test request index in response to the request being a first instance of a starting request of the sequential flow. The method also includes selecting a test task from a set of test tasks corresponding to the request in response to determining that the request is a current test-request based on an index of the request matching the current test request index. The method also includes modifying the instance of the request according to the selected test task, and sending the modified instance of the request to the computer program product for execution.

Abstract: A method of classifying privacy relevance of an application programming interface (API) comprises analyzing a set of input applications to identify a plurality of custom APIs and generating a respective taint specification for each identified custom API. The method further comprises generating taint flows based on each taint specification and matching features and associated feature values from the taint flows to a set of feature templates. The method also comprises correlating the matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features. The method further comprises detecting a candidate API, extracting features from the candidate API and comparing the extracted features to the set of privacy relevant features. Based on the comparison, a label is assigned to the candidate API indicating privacy relevance of the candidate API.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.