Patents by Inventor Yair Amit
Yair Amit has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9213832Abstract: Collecting log file data from at least one log file. From the collected log file data, at least one HTTP request can be generated to exercise a web application to perform a security analysis of the web application. The HTTP request can be communicated to the web application. At least one HTTP response to the HTTP request can be received. The HTTP response can be analyzed to perform validation of the web application. Results of the validation can be output.Type: GrantFiled: January 24, 2012Date of Patent: December 15, 2015Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Ronen Bachar, Lotem Guy, Igal Kreichman, Ron Nordan, Roi Saltzman, Ori Segal
-
Patent number: 9208309Abstract: Collecting log file data from at least one log file. From the collected log file data, at least one HTTP request can be generated to exercise a web application to perform a security analysis of the web application. The HTTP request can be communicated to the web application. At least one HTTP response to the HTTP request can be received. The HTTP response can be analyzed to perform validation of the web application. Results of the validation can be output.Type: GrantFiled: July 31, 2012Date of Patent: December 8, 2015Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Ronen Bachar, Lotem Guy, Igal Kreichman, Ron Nordan, Roi Saltzman, Ori Segal
-
Patent number: 9124624Abstract: A method, computer program product, and system for detecting vulnerabilities in web applications is described. A method may comprise determining one or more values associated with a web application that flow to response data associated with the web application. The one or more values may be modifiable by unreliable input. The method may further comprise generating a representation of the response data associated with the web application. The method may additionally comprise determining one or more potentially vulnerable portions of the response data based upon, at least in part, the one or more values modifiable by the unreliable input that flow to the response data associated with the web application, and the representation of the response data associated with the web application.Type: GrantFiled: April 5, 2012Date of Patent: September 1, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Daniel Kalman, Omer Tripp
-
Patent number: 9087137Abstract: Identifying at least one custom parameter in a request uniform resource locator (URL). At least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL can be identified. The Web application can be instrumented at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison.Type: GrantFiled: December 22, 2011Date of Patent: July 21, 2015Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair Amit, Roee Hay, Roi Saltzman, Omer Tripp
-
Patent number: 9077688Abstract: A method, apparatus and product that provide a access control system for mobile devices. The mobile device performing: selecting a proxy to handle a request to a remote server, the request is issued by a program being executed by the mobile device, wherein the proxy is configured to perform a security action in response to the request; and sending the request to the proxy; whereby selectively performing the predetermined security action on a portion of the requests issued by the mobile device. Additionally or alternatively, a computer performing: receiving from a mobile device, an instruction to provide a Proxy Auto Config (PAC) file; and generating a PAC file that comprises a function which is configured to receive a URL and return a proxy to handle a request to the URL, wherein the proxy is configured to perform a security action in response to receiving a request.Type: GrantFiled: June 13, 2013Date of Patent: July 7, 2015Assignee: SKYCURE LTDInventors: Yair Amit, Adi Sharabani
-
Patent number: 9032529Abstract: A method, computer program product, and system for detecting vulnerabilities in web applications is described. A method may comprise determining one or more values associated with a web application that flow to response data associated with the web application. The one or more values may be modifiable by unreliable input. The method may further comprise generating a representation of the response data associated with the web application. The method may additionally comprise determining one or more potentially vulnerable portions of the response data based upon, at least in part, the one or more values modifiable by the unreliable input that flow to the response data associated with the web application, and the representation of the response data associated with the web application.Type: GrantFiled: November 30, 2011Date of Patent: May 12, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Daniel Kalman, Omer Tripp
-
Patent number: 9026612Abstract: Identifying at least one custom parameter in a request uniform resource locator (URL). The method can include identifying at least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL and, via a processor, instrumenting the Web application at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison.Type: GrantFiled: April 16, 2012Date of Patent: May 5, 2015Assignee: International Business MachinesInventors: Yair Amit, Roee Hay, Roi Saltzman, Omer Tripp
-
Publication number: 20150106889Abstract: A method, apparatus and product for potential attack detection based on dummy network traffic. One embodiment includes a method comprising analyzing an activity, wherein the activity is performed in response to a message, wherein the message is transmitted by a first application that is executed by a computing device, wherein the computing device is connected to a computerized network, wherein the first application is configured to transmit the message in order to induce a potential attacker to perform a malicious activity, wherein said analyzing comprises comparing the activity to a predetermined expected activity in response to the message; and determining, based on the analysis of the activity, that a second application is under a potential attack; whereby an operation of the first application is capable of exposing potential attacks on the second application without monitoring network traffic of the second application.Type: ApplicationFiled: October 8, 2014Publication date: April 16, 2015Applicant: SKYCURE LTDInventors: Adi SHARABANI, Yair AMIT
-
Patent number: 9009841Abstract: A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit.Type: GrantFiled: March 30, 2012Date of Patent: April 14, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Roee Hay, Roi Saltzman
-
Patent number: 8996856Abstract: A method, product and system for selective encryption in a mobile device. The method comprising: selectively encrypting requests issued by the mobile device, wherein said selectively encrypting comprises: obtaining a request issued by an application executed by the mobile device, the request having one or more characteristics, the request has a destination; determining, based on the one or more characteristics, whether to encrypt the request; and in response to a determination to encrypt the request, re-routing the request to be transmitted to the destination through a secure channel; whereby the request is encrypted regardless of the destination being a priori associated with the secure channel.Type: GrantFiled: June 13, 2013Date of Patent: March 31, 2015Assignee: Skycure LtdInventors: Yair Amit, Adi Sharabani
-
Patent number: 8949985Abstract: A method, computer program product, and computer system for sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. It is determined whether the payload has successfully attacked an application executing at the second computing device based upon, at least in part, the response. If not, at least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.Type: GrantFiled: October 8, 2013Date of Patent: February 3, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Adi Cohen, Lotem Guy, Alexander Landau, Omer Tripp, Avishai Vana, Omri Weisman
-
Patent number: 8949992Abstract: A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.Type: GrantFiled: May 31, 2011Date of Patent: February 3, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Omer Tripp
-
Patent number: 8949994Abstract: A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.Type: GrantFiled: March 15, 2012Date of Patent: February 3, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Omer Tripp
-
Patent number: 8943589Abstract: A method, computer program product, and computer system for sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. It is determined whether the payload has successfully attacked an application executing at the second computing device based upon, at least in part, the response. If not, at least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.Type: GrantFiled: December 4, 2012Date of Patent: January 27, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Adi Cohen, Lotem Guy, Alexander Landau, Omer Tripp, Avishai Vana, Omri Weisman
-
Patent number: 8931102Abstract: A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit.Type: GrantFiled: June 1, 2011Date of Patent: January 6, 2015Assignee: International Business Machines CorporationInventors: Yair Amit, Roee Hay, Roi Saltzman
-
Patent number: 8813237Abstract: Embodiments of the invention generally relate to thwarting fraud perpetrated with a computer by receiving a request from a computer to perform a transaction. Embodiments of the invention may include receiving the request together with transaction data and a cookie, where the transaction data are separate from the cookie; determining in accordance with predefined validation criteria whether the cookie includes a valid representation of the transaction data; and performing the transaction only if the cookie includes a valid representation of the transaction data.Type: GrantFiled: June 28, 2010Date of Patent: August 19, 2014Assignee: International Business Machines CorporationInventors: Yair Amit, Roee Hay, Roi Saltzman, Adi Sharabani
-
Patent number: 8752182Abstract: A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library.Type: GrantFiled: March 2, 2012Date of Patent: June 10, 2014Assignee: International Business Machines CorporationInventors: Yair Amit, Roee Hay, Roi Saltzman, Adi Sharabani
-
Publication number: 20140157413Abstract: A method, computer program product, and computer system for sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. It is determined whether the payload has successfully attacked an application executing at the second computing device based upon, at least in part, the response. If not, at least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.Type: ApplicationFiled: October 8, 2013Publication date: June 5, 2014Applicant: International Business Machines CorporationInventors: Yair Amit, Adi Cohen, Lotem Guy, Alexander Landau, Omer Tripp, Avishai Vana, Omri Weisman
-
Publication number: 20140157406Abstract: A method, computer program product, and computer system for sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. It is determined whether the payload has successfully attacked an application executing at the second computing device based upon, at least in part, the response. If not, at least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.Type: ApplicationFiled: December 4, 2012Publication date: June 5, 2014Applicant: International Business Machines CorporationInventors: Yair Amit, Adi Cohen, Lotem Guy, Alexander Landau, Omer Tripp, Avishai Vana, Omri Weisman
-
Patent number: 8683596Abstract: Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.Type: GrantFiled: October 28, 2011Date of Patent: March 25, 2014Assignee: International Business Machines CorporationInventors: Yair Amit, Yinnon A. Haviv, Daniel Kalman, Omer Tripp, Omri Weisman