Patents by Inventor Yair Amit
Yair Amit has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20130340031Abstract: A method, apparatus and product that provide a access control system for mobile devices. The mobile device performing: selecting a proxy to handle a request to a remote server, the request is issued by a program being executed by the mobile device, wherein the proxy is configured to perform a security action in response to the request; and sending the request to the proxy; whereby selectively performing the predetermined security action on a portion of the requests issued by the mobile device. Additionally or alternatively, a computer performing: receiving from a mobile device, an instruction to provide a Proxy Auto Config (PAC) file; and generating a PAC file that comprises a function which is configured to receive a URL and return a proxy to handle a request to the URL, wherein the proxy is configured to perform a security action in response to receiving a request.Type: ApplicationFiled: June 13, 2013Publication date: December 19, 2013Inventors: Yair Amit, Adi Sharabani
-
Publication number: 20130339724Abstract: A method, product and system for selective encryption in a mobile device. The method comprising: selectively encrypting requests issued by the mobile device, wherein said selectively encrypting comprises: obtaining a request issued by an application executed by the mobile device, the request having one or more characteristics, the request has a destination; determining, based on the one or more characteristics, whether to encrypt the request; and in response to a determination to encrypt the request, re-routing the request to be transmitted to the destination through a secure channel; whereby the request is encrypted regardless of the destination being a priori associated with the secure channel.Type: ApplicationFiled: June 13, 2013Publication date: December 19, 2013Inventors: Yair AMIT, Adi SHARABANI
-
Patent number: 8510842Abstract: A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library.Type: GrantFiled: April 13, 2011Date of Patent: August 13, 2013Assignee: International Business Machines CorporationInventors: Yair Amit, Roee Hay, Roi Saltzman, Adi Sharabani
-
Publication number: 20130191913Abstract: Collecting log file data from at least one log file. From the collected log file data, at least one HTTP request can be generated to exercise a web application to perform a security analysis of the web application. The HTTP request can be communicated to the web application. At least one HTTP response to the HTTP request can be received. The HTTP response can be analyzed to perform validation of the web application. Results of the validation can be output.Type: ApplicationFiled: July 31, 2012Publication date: July 25, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, RONEN BACHAR, LOTEM GUY, IGAL KREICHMAN, RON NORDAN, ROI SALTZMAN, ORI SEGAL
-
Publication number: 20130191920Abstract: Collecting log file data from at least one log file. From the collected log file data, at least one HTTP request can be generated to exercise a web application to perform a security analysis of the web application. The HTTP request can be communicated to the web application. At least one HTTP response to the HTTP request can be received. The HTTP response can be analyzed to perform validation of the web application. Results of the validation can be output.Type: ApplicationFiled: January 24, 2012Publication date: July 25, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Yair AMIT, Ronen BACHAR, Lotem GUY, Igal KREICHMAN, Ron NORDAN, Roi SALTZMAN, Ori SEGAL
-
Patent number: 8495135Abstract: Preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment comprises: embedding a nonce and a script in all responses from the server to the client, the script adapted for executing to add the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects might be embodied in the server or a proxy between the server and the client.Type: GrantFiled: September 23, 2010Date of Patent: July 23, 2013Assignee: International Business Machines CorporationInventors: Yair Amit, Guy Podjarny, Adi Sharabani
-
Patent number: 8495137Abstract: Preventing Cross-Site Request Forgery security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value differs from the value previously sent. Server-side aspects might be embodied in the server or a proxy.Type: GrantFiled: March 4, 2012Date of Patent: July 23, 2013Assignee: International Business Machines CorporationInventors: Yair Amit, Guy Podjarny, Adi Sharabani
-
Publication number: 20130174260Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.Type: ApplicationFiled: December 30, 2011Publication date: July 4, 2013Applicant: International Business Machines CorporationInventors: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
-
Publication number: 20130174262Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.Type: ApplicationFiled: March 27, 2012Publication date: July 4, 2013Applicant: International Business Machines CorporationInventors: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
-
Publication number: 20130167239Abstract: A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: ApplicationFiled: March 26, 2012Publication date: June 27, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, EVGENY BESKROVNY, OMER TRIPP
-
Publication number: 20130166676Abstract: Identifying at least one custom parameter in a request uniform resource locator (URL). At least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL can be identified. The Web application can be instrumented at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison.Type: ApplicationFiled: December 22, 2011Publication date: June 27, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, ROEE HAY, ROI SALTZMAN, OMER TRIPP
-
Publication number: 20130167237Abstract: A system for detecting a vulnerability in a Web service can include a processor configured to initiate executable operations including determining whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service and, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.Type: ApplicationFiled: December 22, 2011Publication date: June 27, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, EVGENY BESKROVNY, OMER TRIPP
-
Publication number: 20130167124Abstract: Identifying at least one custom parameter in a request uniform resource locator (URL). The method can include identifying at least a first portion of source code of a Web application that typically consumes the custom parameter provided in the request URL and, via a processor, instrumenting the Web application at the first portion of the source code. The Web application can receive the request URL and the Web application can be executed with the instrumented source code. At least one run-time value consumed by the second portion of the source code can be identified, and the run-time value can be compared to the request URL to determine whether the run-time value intersects with the request URL. Responsive to determining that the run-time value intersects with the request URL, the run-time value can be identified as the custom parameter. A custom parameter rule can be generated based on the comparison.Type: ApplicationFiled: April 16, 2012Publication date: June 27, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, ROEE HAY, ROI SALTZMAN, OMER TRIPP
-
Publication number: 20130139267Abstract: A method, computer program product, and system for detecting vulnerabilities in web applications is described. A method may comprise determining one or more values associated with a web application that flow to response data associated with the web application. The one or more values may be modifiable by unreliable input. The method may further comprise generating a representation of the response data associated with the web application. The method may additionally comprise determining one or more potentially vulnerable portions of the response data based upon, at least in part, the one or more values modifiable by the unreliable input that flow to the response data associated with the web application, and the representation of the response data associated with the web application.Type: ApplicationFiled: April 5, 2012Publication date: May 30, 2013Applicant: International Business Machines CorporationInventors: Yair Amit, Daniel Kalman, Omer Tripp
-
Publication number: 20130139266Abstract: A method, computer program product, and system for detecting vulnerabilities in web applications is described. A method may comprise determining one or more values associated with a web application that flow to response data associated with the web application. The one or more values may be modifiable by unreliable input. The method may further comprise generating a representation of the response data associated with the web application. The method may additionally comprise determining one or more potentially vulnerable portions of the response data based upon, at least in part, the one or more values modifiable by the unreliable input that flow to the response data associated with the web application, and the representation of the response data associated with the web application.Type: ApplicationFiled: November 30, 2011Publication date: May 30, 2013Applicant: International Business Machines CorporationInventors: Yair Amit, Daniel Kalman, Omer Tripp
-
Publication number: 20130111595Abstract: Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.Type: ApplicationFiled: April 16, 2012Publication date: May 2, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, YINNON A. HAVIV, DANIEL KALMAN, OMER TRIPP, OMRI WEISMAN
-
Publication number: 20130111594Abstract: Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.Type: ApplicationFiled: October 28, 2011Publication date: May 2, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, YINNON A. HAVIV, DANIEL KALMAN, OMER TRIPP, OMRI WEISMAN
-
Publication number: 20130055402Abstract: A method for detecting security vulnerabilities in web applications can include providing a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, detecting the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determining, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: ApplicationFiled: March 26, 2012Publication date: February 28, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, ALEXANDER LANDA, OMER TRIPP
-
Publication number: 20130055397Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.Type: ApplicationFiled: August 25, 2011Publication date: February 28, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: YAIR AMIT, ALEXANDER LANDA, OMER TRIPP
-
Patent number: 8370945Abstract: Identifying a security breach caused when a computer-based software application uses a computer-based web browser application, including identifying at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to the software application, at least partially replacing the data with malicious content that is configured to cause a predefined action to occur when the malicious content is accessed by the web browser application, where the predefined action is associated with a known security breach when the predefined action occurs subsequent to the malicious content being accessed by the web browser application, causing the software application to perform the function, and determining whether the predefined action is performed.Type: GrantFiled: May 20, 2009Date of Patent: February 5, 2013Assignee: International Business Machines CorporationInventors: Yair Amit, Roee Hay, Adi Sharabani