Patents by Inventor Maty Siman
Maty Siman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11836258
Abstract: A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.
Type: Grant
Filed: July 22, 2021
Date of Patent: December 5, 2023
Assignee: CHECKMARX LTD.
Inventors: Maty Siman, Or Chen
-
Publication number: 20220067173
Abstract: A system includes an output device and a processor. The processor is configured to analyze a software system, which includes an application subsystem and a configuration subsystem, so as to generate an output describing (i) one or more operations performed by the application subsystem, and (ii) one or more configurations for the application subsystem, which are provided by the configuration subsystem. The processor is further configured to identify, based on the output, at least one flaw in the software system that results from a combination of the operations with the configurations, and to output via the output device, in response to identifying the flaw, an indication of the flaw. Other embodiments are also described.
Type: Application
Filed: August 15, 2021
Publication date: March 3, 2022
Inventors: Maty Siman, Alexander Roichman
-
Publication number: 20220035928
Abstract: A method for software code analysis includes receiving source code of an application program, which includes one or more calls from respective entry points in the source code to a library program. The source code is automatically analyzed in order to generate a first data flow graph (DFG), representing a flow of data to be engendered upon running the application program. One or more vulnerabilities are identified in the library program. The library program is automatically analyzed to generate a second DFG linking at least one of the entry points in the source code to at least one of the vulnerabilities. The first DFG is combined with the second DFG in order to track the flow of data from the application program to the at least one of the vulnerabilities and to report at least one of the vulnerabilities as being exploitable.
Type: Application
Filed: July 22, 2021
Publication date: February 3, 2022
Inventors: Maty Siman, Or Chen
-
Patent number: 11170113
Abstract: A method for testing a software application program (22) includes storing in a vulnerability database records of security vulnerabilities identified in execution of the program. Each record includes a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred. Upon detecting a further security vulnerability at a given location in a subsequent execution of the program, a new signature of the given location is computed and compared to the location field of the records in the database. When no record is found to match the new signature, an indication is output to a developer of the program of an occurrence of a new security vulnerability.
Type: Grant
Filed: January 1, 2018
Date of Patent: November 9, 2021
Assignee: CHECKMARX LTD.
Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
-
Patent number: 11087002
Abstract: A computer program is evaluated for security vulnerabilities by formulating a query in a query language and receiving into a memory of a computer source code of the computer program to be analyzed, preparing a data flow graph from the source code, and determining that the query is satisfied by an analysis of the data flow graph. Alternatively, the computer program is evaluated by collecting runtime events during an execution of binary code and determining that the query is satisfied by an analysis of the runtime events. In either case a security vulnerability is reported.
Type: Grant
Filed: May 8, 2018
Date of Patent: August 10, 2021
Assignee: CHECKMARX LTD.
Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
-
Publication number: 20190325145
Abstract: A method for testing a software application program (22) includes storing in a vulnerability database records of security vulnerabilities identified in execution of the program. Each record includes a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred. Upon detecting a further security vulnerability at a given location in a subsequent execution of the program, a new signature of the given location is computed and compared to the location field of the records in the database. When no record is found to match the new signature, an indication is output to a developer of the program of an occurrence of a new security vulnerability.
Type: Application
Filed: January 1, 2018
Publication date: October 24, 2019
Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
-
Patent number: 10387656
Abstract: A method for testing a software application program includes recording a sequence of functional tests that are applied to the program and automatically identifying and collapsing sessions within the recorded functional tests. Modified tests are created by replacing parameters in the collapsed sessions with malicious inputs. The modified tests are applied to the program in order to detect security vulnerabilities in the program.
Type: Grant
Filed: March 9, 2017
Date of Patent: August 20, 2019
Assignee: Checkmarx Ltd.
Inventors: Alexander Roichman, Maty Siman, Shimon Eshkenazi
-
Publication number: 20180330102
Abstract: A computer program is evaluated for security vulnerabilities by formulating a query in a query language and receiving into a memory of a computer source code of the computer program to be analyzed, preparing a data flow graph from the source code, and determining that the query is satisfied by an analysis of the data flow graph. Alternatively, the computer program is evaluated by collecting runtime events during an execution of binary code and determining that the query is satisfied by an analysis of the runtime events. In either case a security vulnerability is reported.
Type: Application
Filed: May 8, 2018
Publication date: November 15, 2018
Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
-
Patent number: 10120997
Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.
Type: Grant
Filed: December 24, 2015
Date of Patent: November 6, 2018
Assignee: CHECKMARX LTD.
Inventors: Shimon Eshkenazi, Maty Siman, Alexander Roichman
-
Publication number: 20180107821
Abstract: A method for runtime self-protection of an application program includes, before running the application program, identifying input and output points in runtime code (24) of the program. The input points are instrumented so as to cause the program to sense and cache potentially malicious inputs to the program. The output points are instrumented so as to cause the program to detect outputs from the program corresponding to the cached inputs. While running the application program, upon detecting, at an instrumented output point, an output corresponding to a cached input, a vulnerability of a target of the output to the cached input is evaluated. A protective action is invoked upon determining that the output is potentially vulnerable to the cached input.
Type: Application
Filed: December 24, 2015
Publication date: April 19, 2018
Applicant: CHECKMARX LTD.
Inventors: Shimon Eshkenazi, Maty Siman, Alexander Roichman
-
Publication number: 20170270303
Abstract: A method for testing a software application program includes recording a sequence of functional tests that are applied to the program and automatically identifying and collapsing sessions within the recorded functional tests. Modified tests are created by replacing parameters in the collapsed sessions with malicious inputs. The modified tests are applied to the program in order to detect security vulnerabilities in the program.
Type: Application
Filed: March 9, 2017
Publication date: September 21, 2017
Inventors: Alexander Roichman, Maty Siman, Shimon Eshkenazi
-
Publication number: 20150332055
Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.
Type: Application
Filed: July 28, 2015
Publication date: November 19, 2015
Inventor: Maty Siman
-
Patent number: 9141806
Abstract: A method for software code analysis includes automatically processing a body of software source code (23) by a computer (22) in order to identify a group of sequences of instructions that are characterized by a common pattern. A sequence within the group containing a deviation from a norm of the common pattern is found and reported as a potential vulnerability in the software source code.
Type: Grant
Filed: August 22, 2011
Date of Patent: September 22, 2015
Assignee: CHECKMARX LTD.
Inventor: Maty Siman
-
Patent number: 9128728
Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.
Type: Grant
Filed: February 21, 2013
Date of Patent: September 8, 2015
Assignee: CHECKMARX LTD.
Inventor: Maty Siman
-
Publication number: 20150244737
Abstract: A method for software code analysis includes receiving in a computer (36), from a requester, an item of active content to be played on client devices. The computer automatically analyzes source code of the item in order to generate a data flow graph, representing a flow of information to be engendered in the client devices playing the item. It automatically processes the source code and the data flow graph in order to detect elements in the flow of the information that deviate from a predefined set of norms, and reports deviations from one or more of the norms to the requester.
Type: Application
Filed: September 22, 2013
Publication date: August 27, 2015
Inventor: Maty Siman
-
Publication number: 20130239219
Abstract: A method for software code analysis includes automatically processing a body of software source code (23) by a computer (22) in order to identify a group of sequences of instructions that are characterized by a common pattern. A sequence within the group containing a deviation from a norm of the common pattern is found and reported as a potential vulnerability in the software source code.
Type: Application
Filed: August 22, 2011
Publication date: September 12, 2013
Applicant: CHECKMARX LTD.
Inventor: Maty Siman
-
Publication number: 20100083240
Abstract: A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.
Type: Application
Filed: October 15, 2007
Publication date: April 1, 2010
Applicant: CHECKMARX LTD
Inventor: Maty Siman