Locating security vulnerabilities in source code

Invention Grant

US09128728B2 Locating security vulnerabilities in source code 有权

Title translation: 查找源代码中的安全漏洞

Please log in to see more content

Patent Title: Locating security vulnerabilities in source code
Patent Title (中): 查找源代码中的安全漏洞
Application No.: US13772377

Application Date: 2013-02-21
Publication No.: US09128728B2

Publication Date: 2015-09-08
Inventor: Maty Siman
Applicant: Checkmarx Ltd.
Applicant Address: IL Tel Aviv
Assignee: CHECKMARX LTD.
Current Assignee: CHECKMARX LTD.
Current Assignee Address: IL Tel Aviv
Agency: D. Kligler I.P. Services Ltd.
Main IPC: G06F21/57
IPC: G06F21/57 ; G06F9/45

Locating security vulnerabilities in source code

Abstract:

A tool (22) automatically analyzes application source code (16) for application level vulnerabilities. The tool integrates seamlessly into the software development process, so vulnerabilities are found early in the software development life cycle, when removing the defects is far cheaper than in the post-production phase. Operation of the tool is based on static analysis, but makes use of a variety of techniques, for example methods of dealing with obfuscated code.

Abstract(Chinese):

工具（22）自动分析应用程序源代码（16）以获取应用程序级漏洞。该工具无缝集成到软件开发过程中，因此在软件开发生命周期早期发现漏洞，当删除缺陷比后期制作阶段便宜得多时。该工具的操作基于静态分析，但利用各种技术，例如处理模糊代码的方法。

Public/Granted literature

US20130167241A1 Locating security vulnerabilities in source code Public/Granted day:2013-06-27

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F21/00	防止未授权行为的保护计算机、其部件、程序或数据的安全装置
G06F21/50	.监控用户、程序或设备，以维护平台完整。例如：处理器、固件或操作系统
G06F21/57	..确保或维持可信任的计算机平台，例如安全引导或断电、版本控制、系统软件检查、安全更新或评估漏洞