Abstract: A method for detecting malicious code in a stream of data traffic input (400) to a gateway in a data network by monitoring for suspicious data in the stream of data traffic (407). Upon detecting the suspicious data, an attempt is made to disassemble the suspicious data (403) and a treat weight is assigned for each instruction. The attempt to disassemble is initiated at initial instructions each with a different offset within the suspicious portion of data. The threat weights are accumulated respectively for each branch option in the disassembled code (403), producing respectively an accumulated threat weight for each branch option. When the accumulated threat weight exceeds a previously defined threshold level, an alert is generated and/or traffic is blocked from the source of the malicious code.

Abstract: Embodiments of the present invention provide systems, methods and computer program products for testing software in a virtual private environment. One embodiment of a method for testing software in a virtual private environment includes cloning an original computing environment into one or more virtual environments, wherein the one or more virtual environments have identical configurations to the original computing environment and contain one or more client applications. The method further comprises determining a private network IP address corresponding to a registration request from an end user and establishing a connection between the end user and the virtual private network. The private network IP address is routed to a first of one or more identical virtual environments. Access is then allowed to the first virtual environment in order to allow the end user to test the one or more client applications on the first virtual environment.

Abstract: A method for detecting malicious code in a stream of data traffic input (400) to a gateway in a data network by monitoring for suspicious data in the stream of data traffic (407). Upon detecting the suspicious data, an attempt is made to disas- semble the suspicious data (403) and a treat weight is assigned for each instruction. The attempt to disassemble is initiated at initial instructions each with a different offset within the suspicious portion of data. The threat weights are accumulated respectively for each branch option in the disassembled code (403), producing respectively an accumulated threat weight for each branch option. When the accumulated threat weight exceeds a previously defined threshold level, an alert is generated and/or traffic is blocked from the source of the malicious code.