Patents by Inventor Omer Tripp

Omer Tripp has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190294760
    Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
    Type: Application
    Filed: June 10, 2019
    Publication date: September 26, 2019
    Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
  • Patent number: 10423408
    Abstract: A computer system, method, and computer readable product are provided for identifying and isolating library code that has been obfuscated in software applications. A call graph is created for the execution of at least one module of preexisting library code within a bundle of software modules through either static analysis of the software code or dynamic analysis of the executing code, and then one or more anchor points are devised based upon the call graph that are indicative of the preexisting library code. Then a bundle of software modules can be analyzed or its execution monitored to determine if a discrete module of library code is present in the executing bundle based upon the modules' interaction with the one or more anchor points, and the discrete module of library code in the executing bundle can be identified as a module of preexisting library code.
    Type: Grant
    Filed: June 2, 2016
    Date of Patent: September 24, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salman A. Baset, Shih-Wei Li, Omer Tripp, Philippe Suter
  • Patent number: 10417116
    Abstract: A method is disclosed including instrumenting a first version of an application on a plurality of end user devices and receiving execution data for the first version of the application from at least some of the plurality of end user devices. The execution data may be generated by the instrumentation in response to an execution of the first version of the application by the at least some of the end user devices. The method further includes automatically generating execution scripts based on the received execution data. The execution scripts may be configured to reproduce the execution of the first version of the application by the at least some of the end user devices. The method further includes automatically executing at least one of the execution scripts on an updated version of the application.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: September 17, 2019
    Assignee: International Business Machines Corporation
    Inventors: Lior Horesh, Raya Horesh, Marco Pistoia, Omer Tripp
  • Patent number: 10404734
    Abstract: Techniques for performing root cause analysis in dynamic software testing via probabilistic modeling are provided. In one example, a computer-implemented method includes initializing, by a system operatively coupled to a processor, a threshold value, a defined probability value, and a counter value. The computer-implemented method also includes, in response to determining, by the system, that a probability value assigned to a candidate payload of one or more candidate payloads exceeds the defined probability value, and in response to determining, by the system, that the counter value exceeds the threshold value: determining, by the system, that a match exists between the candidate payload and an input point based on an application of the candidate payload to the input point resulting in a defined condition, wherein the one or more candidate payloads are represented by population data accessed by the system.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: September 3, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Supriyo Chakraborty, Omer Tripp
  • Publication number: 20190268365
    Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.
    Type: Application
    Filed: May 10, 2019
    Publication date: August 29, 2019
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Publication number: 20190268364
    Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.
    Type: Application
    Filed: May 10, 2019
    Publication date: August 29, 2019
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Patent number: 10387677
    Abstract: Aspects of the invention include receiving, using a processing system, a geographic location of a user. A trust level of an application is determined. Based at least in part on the trust level of the application meeting a threshold, the geographic location of the user is transmitted to the application. Based at least in part on the trust level of the application not meeting the threshold, a semantic label associated with the geographic location of the user is determined. The semantic label describes a type of place located at the geographic location of the user. An obfuscated geographic location that preserves the privacy of the geographic location of the user and is associated with a semantic label consistent with the semantic label associated with the geographic location of the user is generated. The obfuscated geographic location is transmitted to the application in place of the geographic location of the user.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: August 20, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Supriyo Chakraborty, Omer Tripp
  • Patent number: 10387288
    Abstract: Analyzing a security specification. An embodiment can include identifying a downgrader in a computer program under test. Testing on the downgrader can be performed in a first level of analysis. Responsive to the downgrader not passing the testing performed in the first level of analysis, a counter example for the downgrader can be automatically synthesized. Further, a test unit can be created for the downgrader using the counter example as an input parameter to the downgrader. The test unit can be executed to perform testing on the downgrader in a second level of analysis. Responsive to the downgrader passing the testing performed in the second level of analysis, a user can be prompted to simplify a model of the downgrader.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: August 20, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Marco Pistoia, Takaaki Tateishi, Omer Tripp
  • Patent number: 10380349
    Abstract: Analyzing program code can include detecting an instance of a container within the program code using a processor, selecting a model container correlated with the container using the processor, and creating an instance of the model container within memory using the processor. A data-flow of the program code can be tracked through the instance of the model container instead of the instance of the container.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: August 13, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Omer Tripp
  • Patent number: 10380006
    Abstract: In an approach for testing an application for a security vulnerability, a processor inserts an instrumentation hook in the application to be tested, wherein the instrumentation hook is executed prior to a sink operation. A processor transmits a probe input value to the application to be tested. A processor detects a modification to the probe input value at the instrumentation hook by comparing the probe input value at the instrumentation hook to a signature value and detecting that the probe input value matches the signature value. A processor removes the sink operation from testing for the security vulnerability.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Omer Tripp
  • Patent number: 10372582
    Abstract: An apparatus and computer program product which are configured for determining, as part of a static analysis of a program, links between functions in the program and performing, as part of the static analysis, string analysis on strings used in the program to determine additional links between the functions in the program. The apparatus and computer program product are further configured for outputting, as part of the static analysis, indications of at least the links between the functions and the additional links between the functions.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Takaaki Tateishi, Omer Tripp
  • Patent number: 10366213
    Abstract: One or more communication interfaces of a first application may be scanned. In response to the scanning, it may be determined that at least a first component of the first application is subject to public access from any application. One or more public access features associated with the first component may be removed, wherein the first component is no longer subject to public access from any application. A first module may be added to the first application to control access to data to or from the first component via one or more security rules.
    Type: Grant
    Filed: February 9, 2016
    Date of Patent: July 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, David N. Kaplan, Sagi Kedmi, Omer Tripp
  • Patent number: 10333957
    Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: June 25, 2019
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Iosif V. Onut, Omer Tripp
  • Publication number: 20190188120
    Abstract: A software optimization method, system, and computer program product, include defining a vocabulary of tokens to yield admissible inputs of a system, generating random test inputs based on combining inputs and input tuples, followed by application of these inputs into the system, and analyzing the correlations between system failures and the tokens present in respective inputs to localize failures to particular inputs and input tuples.
    Type: Application
    Filed: December 15, 2017
    Publication date: June 20, 2019
    Inventors: Ronny Luss, Dmitry M. Malioutov, Omer Tripp
  • Publication number: 20190188529
    Abstract: A user interface (UI)-level clone detection method, system, and computer program product, include running applications from an application database to obtain a screenshot of each of the applications, comparing a first object of a first screenshot of a first application with a second object from a second screenshot of a second application to determine a similarity between the first object and the second object, and analyzing a code for each of the first object and the second object when the similarity is greater than a predetermined threshold value to identify a same-functionality code.
    Type: Application
    Filed: December 15, 2017
    Publication date: June 20, 2019
    Inventors: Peng Liu, Marco Pistoia, Omer Tripp
  • Patent number: 10324820
    Abstract: Providing specialization for a static program analysis procedure by executing an automated agent to monitor a code authoring process for a program under examination that includes a plurality of respective lexical scopes. The agent monitors a corresponding amount of coding time, or a corresponding number of edits, for each of the plurality of respective lexical scopes. A mapping associates each of the plurality of respective lexical scopes with a first quantitative measure of the corresponding amount of time, or a second quantitative measure of the corresponding number of edits, that were used to code each of the plurality of respective lexical scopes. The static analysis procedure is specialized by applying a more refined, detailed, precise, or granular analysis to a first lexical scope that is mapped to a greater amount of time or a greater number of edits than a second lexical scope.
    Type: Grant
    Filed: September 21, 2016
    Date of Patent: June 18, 2019
    Assignee: International Business Machines Corporation
    Inventors: Marco Pistoia, Omer Tripp
  • Patent number: 10310956
    Abstract: A technique for synthesizing tests from a Web service document includes locating at least one parameter for at least one client to server function call in a Web service document. Client validation constraints for the at least one parameter are discovered. Server validation constraints for the at least one parameter in the Web service document are discovered. At least one range for the at least one parameter that will be accepted by the server and not be accepted by the client is discovered. Tests using parameter values from the discovered at least one range are synthesized.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: June 4, 2019
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Omer Tripp, Emmanuel Wurth
  • Publication number: 20190156028
    Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.
    Type: Application
    Filed: November 21, 2017
    Publication date: May 23, 2019
    Inventors: Roee Hay, Marco Pistoia, Omer Tripp
  • Publication number: 20190158529
    Abstract: Protecting a runtime Web service application. A web service application is instrumented to log its operation and allow recreation of its execution trace. Trace point vulnerabilities are identified using one or more data payloads. Candidate trace point operations associated with the trace point vulnerabilities are identified. Supplementary candidate operations are computed based on the existing trace point operations and the one or more data payloads. The Web service application is further instrumented with the one or more supplementary candidate operations.
    Type: Application
    Filed: January 25, 2019
    Publication date: May 23, 2019
    Inventors: Omer Tripp, Emmanuel Wurth
  • Patent number: 10296737
    Abstract: A method (and structure) for enforcing a security policy includes retrieving from a memory a program to be verified against a security policy and a security specification defining the security policy. A static program analysis is performed on the program, using a processor on a computer, to determine whether the program is compatible with the security specification. The program is rejected if the program is determined by the static program analysis as being incompatible with the security specification. If the program is determined during the static program analysis as compatible with the security specification under static analysis criteria, then building a call-graph representation of the program for use to evaluate any dynamically-loaded code during an execution of the program. Any paths, if any, of the call-graph representation that reach at least one policy-relevant operation are marked.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: May 21, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Luciano Bello, Pietro Ferrara, Marco Pistoia, Omer Tripp