Patents by Inventor MICHAEL PAGE KASPER
MICHAEL PAGE KASPER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250139254
Abstract: Embodiments of the present disclosure provide methods, systems, and computer program products for generating an input set for implementing security vulnerability testing of a software programs for authorized services. Object code of the software program is received, and the object code is disassembled to identify instructions. The instructions are analyzed to determine where specific input registers are referenced. Usage of values stored in the specific input registers when the software program is executed is determined for at least one of comparing against the values stored in the specific input registers for test or conditional branch logic, copying the values stored in the specific input registers, or referencing storage at a location defined by the values in the specific input registers. One or more arrays describing values of one or more possible or valid parameters are generated based on the usage to provide the input set.
Type: Application
Filed: November 1, 2023
Publication date: May 1, 2025
Inventors: Michael Page KASPER, Bryan CHILDS, Diane Marie STAMBONI, Joshua David STEEN, Andrew C. M. HICKS
-
Patent number: 12254094
Abstract: A system and method for identifying authorized job step programs. The process identifies a plurality of job step programs. It then identifies authorized program facility (APF) authorized programs from the plurality of job step programs. An output table of APF authorized program is generated. This table is used to submit at least one batch job using the output table. A list identifying which parameters in a parameter string contain an address for each APF program in the output table is generated. This list is then provided for program testing.
Type: Grant
Filed: May 20, 2022
Date of Patent: March 18, 2025
Assignee: International Business Machines Corporation
Inventors: Michael Page Kasper, Scott Woolley, Diane Marie Stamboni, Joshua David Steen, Roan Dawkins, Eric Rosenfeld
-
Publication number: 20250005166
Abstract: Detecting security vulnerabilities through dynamic testing with canary programs is disclosed, including issuing, by a test tool, a call to an application one or more parameters that reference a canary program; determining, by the test tool, whether the application called the canary program; and logging, by the test tool, a security vulnerability of the application in response to determining that the application called the canary program.
Type: Application
Filed: June 29, 2023
Publication date: January 2, 2025
Inventors: MICHAEL PAGE KASPER, PETER G. SPERA
-
Publication number: 20240378290
Abstract: Detecting a security bypass through binary code analysis is disclosed, including identifying one or more binary files of an authorized program; determining, based on a static code analysis of the one or more binary files, that the authorized program includes a potential security bypass, wherein the potential security bypass includes a modification of a system control block; and generating, in response to determining that the authorized program includes a potential security bypass, a security report.
Type: Application
Filed: May 11, 2023
Publication date: November 14, 2024
Inventors: MICHAEL PAGE KASPER, BRYAN CHILDS, DIANE MARIE STAMBONI, JOSHUA DAVID STEEN
-
Publication number: 20240330476
Abstract: Cyber security testing with automated system message processing for input and result determination is disclosed, including issuing, by a test tool, a call to an authorized service; identifying, by the test tool, one or more system-level error messages generated after issuing the call; determining, by the test tool based on at least one first system-level error message, a missing input for the call to the authorized service; and reissuing, by the test tool, the call to the authorized service with the missing input.
Type: Application
Filed: March 30, 2023
Publication date: October 3, 2024
Inventors: MICHAEL PAGE KASPER, ERIC ROSENFELD, BRYAN CHILDS, DIANE MARIE STAMBONI, JOSHUA DAVID STEEN
-
Publication number: 20230376602
Abstract: A system and method for identifying authorized job step programs. The process identifies a plurality of job step programs. It then identifies authorized program facility (APF) authorized programs from the plurality of job step programs. An output table of APF authorized program is generated. This table is used to submit at least one batch job using the output table. A list identifying which parameters in a parameter string contain an address for each APF program in the output table is generated. This list is then provided for program testing.
Type: Application
Filed: May 20, 2022
Publication date: November 23, 2023
Inventors: Michael Page Kasper, Scott Woolley, Diane Marie Stamboni, Joshua David Steen, Roan Dawkins, Eric Rosenfeld
-
Patent number: 11709936
Abstract: Aspects of the invention include receiving, by a processor, source code for a software program written in a first programming language. The received source code is converted into abstracted source code that is in a generic format that is different than a format of the first programming language. The abstracted source code is compared to known source code patterns. Based on determining that at least a subset of the abstracted source code matches a pattern in the known source code patterns, sending an alert to the user indicating that the received source code matches the pattern.
Type: Grant
Filed: July 8, 2020
Date of Patent: July 25, 2023
Assignee: International Business Machines Corporation
Inventors: Andrew C. M. Hicks, Diane Marie Stamboni, Thomas William Conti, Gregg Arquero, Joshua David Steen, Michael Page Kasper
-
Patent number: 11416623
Abstract: A computer-implemented method for generating penetration tests automatically includes parsing an existing system test case, and identifying a particular program call in the system test case. The particular program call can require a particular data access authorization. The method further includes, in response to the system test case including the particular program call, generating a penetration test using a predetermined attack vector. The method further includes executing the penetration test and detecting an unauthorized access being performed during the penetration test. Further, the method includes responsively, sending a notification that identifies the particular program call.
Type: Grant
Filed: July 31, 2019
Date of Patent: August 16, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Andrew C. M. Hicks, Thomas William Conti, Bryan Childs, Michael Page Kasper
-
Patent number: 11336679
Abstract: A method includes receiving test objective data indicates an objective to be achieved during a cybersecurity test of a target system. An attack tree is generated by processing the test objective data into attack tree data including a plurality of data parameter sets and links between data parameter sets. Complexity of the attack tree is analyzed based on the test objective data using a combinatorics model. The attack tree is reduced to achieve the objective of the cybersecurity test based on the analyzed complexity of the attack tree.
Type: Grant
Filed: January 28, 2020
Date of Patent: May 17, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Andrew C. M. Hicks, Thomas William Conti, Bryan Childs, Michael Page Kasper
-
Patent number: 11294804
Abstract: Aspects of the invention include executing a first test case on a system, capturing a first state of the system during execution of the first test case, determining a first result of the first test case, performing a second execution of the first test case on the system in response to the first result of the first test case being an unexpected result, capturing a second state of the system during the second execution of the first test case, determining a second result of the first test case, analyzing the first state and the second state to determine a state similarity score, and categorizing the first result as a false positive based at least in part on the state similarity score being above a first threshold and a determination that the second result is a different result than the first result.
Type: Grant
Filed: March 23, 2020
Date of Patent: April 5, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Andrew C. M. Hicks, Diane Marie Stamboni, Joshua David Steen, Gregg Arquero, Thomas William Conti, Michael Page Kasper
-
Publication number: 20220012335
Abstract: Aspects of the invention include receiving, by a processor, source code for a software program written in a first programming language. The received source code is converted into abstracted source code that is in a generic format that is different than a format of the first programming language. The abstracted source code is compared to known source code patterns. Based on determining that at least a subset of the abstracted source code matches a pattern in the known source code patterns, sending an alert to the user indicating that the received source code matches the pattern.
Type: Application
Filed: July 8, 2020
Publication date: January 13, 2022
Inventors: Andrew C. M. Hicks, Diane Marie Stamboni, Thomas William Conti, Gregg Arquero, Joshua David Steen, Michael Page Kasper
-
Patent number: 11169869
Abstract: Techniques for system kernel error identification and reporting for a computer system are described herein. An aspect includes detecting an error during the execution of a program. Another aspect includes determining whether the error is a system kernel error in the program. Another aspect includes, based on determining that the error is a system kernel error, generating a report regarding the determined system kernel error.
Type: Grant
Filed: July 8, 2020
Date of Patent: November 9, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Michael Page Kasper, Gregg Arquero, Diane Marie Stamboni, Joshua David Steen, Bryan Childs, Thomas William Conti, Andrew C. M. Hicks
-
Publication number: 20210294735
Abstract: Aspects of the invention include executing a first test case on a system, capturing a first state of the system during execution of the first test case, determining a first result of the first test case, performing a second execution of the first test case on the system in response to the first result of the first test case being an unexpected result, capturing a second state of the system during the second execution of the first test case, determining a second result of the first test case, analyzing the first state and the second state to determine a state similarity score, and categorizing the first result as a false positive based at least in part on the state similarity score being above a first threshold and a determination that the second result is a different result than the first result.
Type: Application
Filed: March 23, 2020
Publication date: September 23, 2021
Inventors: Andrew C. M. Hicks, Diane Marie Stamboni, Joshua David Steen, Gregg Arquero, Thomas William Conti, Michael Page Kasper
-
Publication number: 20210234883
Abstract: A method includes receiving test objective data indicates an objective to be achieved during a cybersecurity test of a target system. An attack tree is generated by processing the test objective data into attack tree data including a plurality of data parameter sets and links between data parameter sets. Complexity of the attack tree is analyzed based on the test objective data using a combinatorics model. The attack tree is reduced to achieve the objective of the cybersecurity test based on the analyzed complexity of the attack tree.
Type: Application
Filed: January 28, 2020
Publication date: July 29, 2021
Inventors: Andrew C. M. Hicks, Thomas William Conti, Bryan Childs, Michael Page Kasper
-
Publication number: 20210034755
Abstract: A computer-implemented method for generating penetration tests automatically includes parsing an existing system test case, and identifying a particular program call in the system test case. The particular program call can require a particular data access authorization. The method further includes, in response to the system test case including the particular program call, generating a penetration test using a predetermined attack vector. The method further includes executing the penetration test and detecting an unauthorized access being performed during the penetration test. Further, the method includes responsively, sending a notification that identifies the particular program call.
Type: Application
Filed: July 31, 2019
Publication date: February 4, 2021
Inventors: ANDREW C.M. HICKS, THOMAS WILLIAM CONTI, BRYAN CHILDS, MICHAEL PAGE KASPER