Abstract: A method, a computer program product and an apparatus for online detection of command injection attacks in a computerized system. The method comprises determining that an input of a potential input provisioning event received from a network includes a command separator and an executable product and recording a suspicious record event. The method further comprises determining that an execution command configured to be executed a potential execution event correlates to the suspicious record event and in response to said determining flagging the execution command as a command injection attack. The method further comprises performing a remedial action with respect to the flagged command injection attack prior to attempting to execute the execution command.

Abstract: A method, system and product for command injection identification. An input hook function is configured to be executed in response to a potential input provisioning event. The input hook function is configured to perform: analyzing a potential input of the potential input provisioning event to identify whether the potential input comprises a command separator and an executable product; and in response to identifying the command separator and the executable product, recording a suspicious input event indicating the command separator and the executable product. An execution hook function is configured to be executed in response to a potential execution event. The execution hook function is configured to perform: in response to a determination that an execution command of the potential execution event comprises the command separator and the executable product of the suspicious input event, flagging the execution command as a command injection attack.

Abstract: A method, system and product for detecting firmware vulnerabilities, including, during a testing phase of a firmware of a device, continuously polling states and activities of the device, wherein said polling is at a testing agent that is functionality separate from the firmware; correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; based on said correlating, determining for the firmware one or more normal events and one or more abnormal events; and after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events.

Abstract: A method, system and product for command injection identification. An input hook function is configured to be executed in response to a potential input provisioning event. The input hook function is configured to perform: analyzing a potential input of the potential input provisioning event to identify whether the potential input comprises a command separator and an executable product; and in response to identifying the command separator and the executable product, recording a suspicious input event indicating the command separator and the executable product. An execution hook function is configured to be executed in response to a potential execution event. The execution hook function is configured to perform: in response to a determination that an execution command of the potential execution event comprises the command separator and the executable product of the suspicious input event, flagging the execution command as a command injection attack.

Abstract: A method, system and product for command injection identification. An input hook function is configured to be executed in response to a potential input provisioning event. The input hook function is configured to perform: analyzing a potential input of the potential input provisioning event to identify whether the potential input comprises a command separator and an executable product; and in response to identifying the command separator and the executable product, recording a suspicious input event indicating the command separator and the executable product. An execution hook function is configured to be executed in response to a potential execution event. The execution hook function is configured to perform: in response to a determination that an execution command of the potential execution event comprises the command separator and the executable product of the suspicious input event, flagging the execution command as a command injection attack.

Abstract: A method, system and product for command injection identification. An input hook function is configured to be executed in response to a potential input provisioning event. The input hook function is configured to perform: analyzing a potential input of the potential input provisioning event to identify whether the potential input comprises a command separator and an executable product; and in response to identifying the command separator and the executable product, recording a suspicious input event indicating the command separator and the executable product. An execution hook function is configured to be executed in response to a potential execution event. The execution hook function is configured to perform: in response to a determination that an execution command of the potential execution event comprises the command separator and the executable product of the suspicious input event, flagging the execution command as a command injection attack.

Abstract: A method, system and product for detecting firmware vulnerabilities, including, during a testing phase of a firmware of a device, continuously polling states and activities of the device, wherein said polling is at a testing agent that is functionality separate from the firmware; correlating between at least one event that is associated with the states or the activities of the device and test results of the testing phase; based on said correlating, determining for the firmware one or more normal events and one or more abnormal events; and after the testing phase, providing indications of the one or more normal events and one or more abnormal events from the testing agent to a runtime agent, whereby said providing enables the runtime agent to protect the firmware from vulnerabilities associated with the one or more abnormal events.

Abstract: It is often desired to add or change the functionality of an existing executable, also known as binary. Simply splicing in new machine code into the binary will not work due to host system-specific and platform-specific limitations. The present invention will enable adding any new code to an existing program while overcoming the aforementioned consistency limitations and maintaining the original functionality.

Abstract: The huge market of smartphones demands a vast number of applications with varying capabilities. For this, it is desirable that capabilities of two or more pieces of executables will be delivered together. However, several operation systems, such as Apple iOS, do not allow downloading an application with more than one binary executable file. The purpose of this invention is to allow merging of several, two or more, pieces of binary executables, without an access to any of which source code. The merging process will handle the addressing environment required for correct code operation—creating a single virtual memory space and adapting the binding addresses, offset addresses and base addresses. This will enable executing all desired functionality from a single piece of a binary executable which can be downloaded as a single application from the app store. Problems of existing mobile OSes for application downloading will be resolved.

Abstract: In the new personal computing devices, smart phones and tablets, there is a huge variety of applications from multiple sources. The quality and security of these applications is unknown and it is not under the control of the user or the company the user is working for. Controlling what an application can do with data on such devices is impossible due to the number of applications s and the sources from which they are originating. The present invention will describe a method for providing a data protection under such conditions, especially for corporate data.

Abstract: The huge market of smartphones demands a vast number of applications with varying capabilities. For this, it is desirable that capabilities of two or more pieces of executables will be delivered together. However, several operation systems, such as Apple iOS, do not allow downloading an application with more than one binary executable file. The purpose of this invention is to allow merging of several, two or more, pieces of binary executables, without an access to any of which source code. The merging process will handle the addressing environment required for correct code operation—creating a single virtual memory space and adapting the binding addresses, offset addresses and base addresses. This will enable executing all desired functionality from a single piece of a binary executable which can be downloaded as a single application from the app store. Problems of existing mobile OSes for application downloading will be resolved.

Abstract: It is often desired to add or change the functionality of an existing executable, also known as binary. Simply splicing in new machine code into the binary will not work due to host system-specific and platform-specific limitations. The present invention will enable adding any new code to an existing program while overcoming the aforementioned consistency limitations and maintaining the original functionality.