Patents by Inventor Yair Amit
Yair Amit has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10936727Abstract: A method detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: GrantFiled: November 7, 2019Date of Patent: March 2, 2021Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
-
Patent number: 10621337Abstract: Systems and methods are provided for sharing a device identifier between two applications installed on an unmanaged device. An enterprise application running on a device may execute client-side code received from an ID matching server to generate a target data set characterizing the device. The enterprise application may send the target data set to the ID matching server. The ID matching server may interact with a Mobile Threat Defense (MTD) server to determine a device ID that the MTD server may use to identify the device. The ID matching server may send the device identifier to an Identity Management (IdM) server. The IdM server may send an API request for security information about the target device to the MTD server, which may send the requested security information in response. The IdM server may determine an authorization level based on the security information.Type: GrantFiled: October 18, 2017Date of Patent: April 14, 2020Assignee: CA, Inc.Inventors: Adi Sharabani, Yair Amit, Daniel Kandel
-
Patent number: 10594732Abstract: Method, product and device for selective traffic blockage. In one embodiment, in response to a detection that a computing device cannot connect to a predetermined server, the blockage policy is applied to an outgoing packet, whereby selectively blocking outgoing packets when the computing device has limited connectivity to the predetermined server. In another embodiment, in response to an attempt to transmit a packet, invoking a local Virtual Private Network (VPN) service that is configured to apply a blockage policy, wherein the local VPN service provides an Application Programming Interface (API) of a VPN service. As a result, selective blockage is implemented using the local VPN service.Type: GrantFiled: November 8, 2016Date of Patent: March 17, 2020Assignee: CA, Inc.Inventors: Yair Amit, Shahar Areli, Daniel Kandel, Elisha Eshed, Roy Iarchy, Adi Sharabani
-
Patent number: 10594736Abstract: Method, product and device for selective traffic blockage. In one embodiment, in response to a detection that a computing device cannot connect to a predetermined server, the blockage policy is applied to an outgoing packet, whereby selectively blocking outgoing packets when the computing device has limited connectivity to the predetermined server. In another embodiment, in response to an attempt to transmit a packet, invoking a local Virtual Private Network (VPN) service that is configured to apply a blockage policy, wherein the local VPN service provides an Application Programming Interface (API) of a VPN service. As a result, selective blockage is implemented using the local VPN service.Type: GrantFiled: June 22, 2018Date of Patent: March 17, 2020Assignee: CA, Inc.Inventors: Yair Amit, Shahar Areli, Daniel Kandel, Elisha Eshed, Roy Iarchy, Adi Sharabani
-
Patent number: 10586049Abstract: A system for detecting a vulnerability in a Web service can include a processor configured to initiate executable operations including determining whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service and, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: GrantFiled: December 22, 2011Date of Patent: March 10, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
-
Publication number: 20200074087Abstract: A method detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: ApplicationFiled: November 7, 2019Publication date: March 5, 2020Inventors: YAIR AMIT, EVGENY BESKROVNY, OMER TRIPP
-
Patent number: 10579802Abstract: A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: GrantFiled: March 26, 2012Date of Patent: March 3, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Evgeny Beskrovny, Omer Tripp
-
Patent number: 9971897Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.Type: GrantFiled: March 27, 2012Date of Patent: May 15, 2018Assignee: International Business Machines CorporationInventors: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
-
Patent number: 9971896Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.Type: GrantFiled: December 30, 2011Date of Patent: May 15, 2018Assignee: International Business Machines CorporationInventors: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
-
Publication number: 20180131719Abstract: Method, product and device for selective traffic blockage. In one embodiment, in response to a detection that a computing device cannot connect to a predetermined server, the blockage policy is applied to an outgoing packet, whereby selectively blocking outgoing packets when the computing device has limited connectivity to the predetermined server. In another embodiment, in response to an attempt to transmit a packet, invoking a local Virtual Private Network (VPN) service that is configured to apply a blockage policy, wherein the local VPN service provides an Application Programming Interface (API) of a VPN service. As a result, selective blockage is implemented using the local VPN service.Type: ApplicationFiled: November 8, 2016Publication date: May 10, 2018Inventors: Yair Amit, Shahar Areli, Daniel Kandel, Elisha Eshed, Roy Iarchy, Adi Sharabani
-
Patent number: 9954874Abstract: System, method and product for detection of mutated apps and usage thereof. A method comprises obtaining features of an Application Under Check (AUC); comparing the features with sets of features of applications to determine a host application of the AUC; determining that the AUC is a mutated application of the host application, wherein said determined comprises comparing the AUC with the host application; and in response to said determining, performing a predetermined action. A server may be configured to perform the steps of collecting features relating to trusted applications, wherein the trusted applications are potentially useable as a basis for a mutated application, wherein the features are features that are indicative of a mutated versions of the trusted applications; and retaining the features in a repository, whereby collecting and retaining a list of positive signatures of trusted applications that are useful to approximately identify a host application of a mutated application.Type: GrantFiled: October 6, 2015Date of Patent: April 24, 2018Assignee: SYMANTEC CORPORATIONInventor: Yair Amit
-
Patent number: 9882926Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: GrantFiled: October 3, 2016Date of Patent: January 30, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Alexander Landa, Omer Tripp
-
Patent number: 9876816Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: GrantFiled: October 3, 2016Date of Patent: January 23, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Alexander Landa, Omer Tripp
-
Publication number: 20170026402Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: ApplicationFiled: October 3, 2016Publication date: January 26, 2017Inventors: YAIR AMIT, ALEXANDER LANDA, OMER TRIPP
-
Publication number: 20170024567Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: ApplicationFiled: October 3, 2016Publication date: January 26, 2017Inventors: YAIR AMIT, ALEXANDER LANDA, OMER TRIPP
-
Patent number: 9471787Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: GrantFiled: August 25, 2011Date of Patent: October 18, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Alexander Landa, Omer Tripp
-
Patent number: 9460291Abstract: A method for detecting security vulnerabilities in web applications can include providing a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, detecting the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determining, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: GrantFiled: March 26, 2012Date of Patent: October 4, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Alexander Landa, Omer Tripp
-
Publication number: 20160099956Abstract: System, method and product for detection of mutated apps and usage thereof. A method comprises obtaining features of an Application Under Check (AUC); comparing the features with sets of features of applications to determine a host application of the AUC; determining that the AUC is a mutated application of the host application, wherein said determined comprises comparing the AUC with the host application; and in response to said determining, performing a predetermined action. A server may be configured to perform the steps of collecting features relating to trusted applications, wherein the trusted applications are potentially useable as a basis for a mutated application, wherein the features are features that are indicative of a mutated versions of the trusted applications; and retaining the features in a repository, whereby collecting and retaining a list of positive signatures of trusted applications that are useful to approximately identify a host application of a mutated application.Type: ApplicationFiled: October 6, 2015Publication date: April 7, 2016Inventor: Yair Amit
-
Patent number: 9288223Abstract: A method, apparatus and product for potential attack detection based on dummy network traffic. One embodiment includes a method comprising analyzing an activity, wherein the activity is performed in response to a message, wherein the message is transmitted by a first application that is executed by a computing device, wherein the computing device is connected to a computerized network, wherein the first application is configured to transmit the message in order to induce a potential attacker to perform a malicious activity, wherein said analyzing comprises comparing the activity to a predetermined expected activity in response to the message; and determining, based on the analysis of the activity, that a second application is under a potential attack; whereby an operation of the first application is capable of exposing potential attacks on the second application without monitoring network traffic of the second application.Type: GrantFiled: October 8, 2014Date of Patent: March 15, 2016Assignee: SKYCURE LTDInventors: Adi Sharabani, Yair Amit
-
Patent number: 9223977Abstract: Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.Type: GrantFiled: April 16, 2012Date of Patent: December 29, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Yinnon A. Haviv, Daniel Kalman, Omer Tripp, Omri Weisman