Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.

Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.

Abstract: Vulnerability testing of applications may include one or more of identifying a number of paths from a software application being tested, identifying a number of nodes associated with the paths, determining one or more of the paths which share one or more of the nodes, designating the paths which share the nodes as overlapping paths, and displaying the overlapping paths and the shared nodes as an interactive visualization to identify to identify optimal locations to fix one or more vulnerability findings.

Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.

Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.

Abstract: A source code processing application may process source code and realize the results of the code in a map configuration. In one example, the map may be displayed with a number of stations and pathways between the stations to illustrate associations with classes of the source code. An example method of operation may include one or more of retrieving source code comprising a class from memory, processing the source code to identify an error associated with the class, creating a map with a station linked to the error, and displaying the map on a device.

Abstract: Vulnerability testing of applications may include one or more of identifying a number of paths from a software application being tested, identifying a number of nodes associated with the paths, determining one or more of the paths which share one or more of the nodes, designating the paths which share the nodes as overlapping paths, and displaying the overlapping paths and the shared nodes as an interactive visualization to identify to identify optimal locations to fix one or more vulnerability findings.

Abstract: A source code processing application may process source code and realize the results of the code in a map configuration. In one example, the map may be displayed with a number of stations and pathways between the stations to illustrate associations with classes of the source code. An example method of operation may include one or more of retrieving source code comprising a class from memory, processing the source code to identify an error associated with the class, creating a map with a station linked to the error, and displaying the map on a device.

Abstract: A source code processing application may process source code and realize the results of the code in a map configuration. In one example, the map may be displayed with a number of stations and pathways between the stations to illustrate associations with classes of the source code. An example method of operation may include one or more of retrieving source code comprising a class from memory, processing the source code to identify an error associated with the class, creating a map with a station linked to the error, and displaying the map on a device.

Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.

Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.

Abstract: A source code processing application may process source code and realize the results of the code in a map configuration. In one example, the map may be displayed with a number of stations and pathways between the stations to illustrate associations with classes of the source code. An example method of operation may include one or more of retrieving source code comprising a class from memory, processing the source code to identify an error associated with the class, creating a map with a station linked to the error, and displaying the map on a device.

Abstract: A computer-implemented method, computer program product, and computing system is provided for reporting security vulnerabilities. In an embodiment, a method may include receiving a set of potential security vulnerabilities associated with a program. The method may also include filtering the set of potential security vulnerabilities by eliminating one or more spurious security vulnerabilities to generate a set of likely security vulnerabilities. The method may further include consolidating the set of likely security vulnerabilities into one or more solution categories, each of the one or more solutions categories defining a solution for remedying each of the likely security vulnerabilities within the solution category.

Abstract: A computer-implemented method, computer program product, and computing system is provided for reporting security vulnerabilities. In an embodiment, a method may include receiving a set of potential security vulnerabilities associated with a program. The method may also include filtering the set of potential security vulnerabilities by eliminating one or more spurious security vulnerabilities to generate a set of likely security vulnerabilities. The method may further include consolidating the set of likely security vulnerabilities into one or more solution categories, each of the one or more solutions categories defining a solution for remedying each of the likely security vulnerabilities within the solution category.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, source code and at least one configuration file of the software application is analyzed by at least one framework-specific processor so as to determine entry point information indicating entry points in the source code, request attribute access information indicating where attributes attached to a request data structure are read and written, and forward information indicating forwards performed by the software application. A data structure for a static analysis engine is created based on this information. The data structure includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework.

Abstract: Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, source code and at least one configuration file of the software application is analyzed by at least one framework-specific processor so as to determine entry point information indicating entry points in the source code, request attribute access information indicating where attributes attached to a request data structure are read and written, and forward information indicating forwards performed by the software application. A data structure for a static analysis engine is created based on this information. The data structure includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework.