Invention Grant
- Patent Title: Systems and/or methods for static-dynamic security testing using a test configurator to identify vulnerabilities and automatically repair defects
- Application No.: US16834712
- Application Date: 2020-03-30
- Publication No.: US11550923B2
- Publication Date: 2023-01-10
- Inventor: Heiko Weber
- Applicant: Software AG
- Applicant Address: DE Darmstadt
- Assignee: Software AG
- Current Assignee: Software AG
- Current Assignee Address: DE Darmstadt
- Agency: Nixon & Vanderhye P.C.
- Main IPC: G06F21/57
- IPC: G06F21/57 ; G06F11/36

Abstract:
Certain example embodiments test an application for security vulnerabilities. Binary and/or source code representations are subjected to static testing. Static testing identifies potential security weaknesses in the application. For each potential security weakness, a corresponding dynamic test set, containing one or more test cases, is generated based on (i) the corresponding potential security weakness, and (ii) lookups to weakness, application context, and attack pattern databases. The weakness database includes different weakness types and descriptions thereof. The attack pattern database includes information about how to generate attacks for the different weakness types. An instance of the application running in a test runtime environment is dynamically tested using the dynamic test cases. The dynamic test results verify whether each potential security weakness is a real vulnerability. The dynamic test results include fewer false-positives than the raw static test results. Verified security weaknesses of the application are repairable automatically.