
Determining the vulnerability of computer software applications to attacks by identifying a defense-related variable within a computer software application that is assigned results of a defense operation defending against a predefined type of attack, identifying a control-flow predicate dominating a security-sensitive operation within the application, identifying a data-flow dependent variable in the application that is data-flow dependent on the defense-related variable, determining whether the control-flow predicate uses the data-flow dependent variable to make a branching decision and whether a control-flow path leading to the security-sensitive operation is taken only if the data-flow dependent variable is compared against a value of a predefined type, determining that the security-sensitive operation is safe from the attack if both control-flow conditions are true, and determining that the application is safe from the attack if all security-sensitive operations in the applicati...

Claims

1. A system for determining the vulnerability of computer software applications to attacks, the system comprising:

a variable identifier configured to identify a defense-related variable within a computer software application that is assigned results of a defense operation, wherein said defense operation is configured to defend against a predefined type of attack; and

a vulnerability identifier configured to
identify a control-flow predicate dominating a security-sensitive operation within said computer software application, wherein said security-sensitive operation is security-sensitive with respect to said predefined type of attack,
identify a data-flow dependent variable in said computer software application that is data-flow dependent on said defense-related variable,
determine that a first condition is true if said control-flow predicate uses said data-flow dependent variable to make a branching decision,
determine that a second condition is true if a control-flow path leading to said security-sensitive operation is taken only if said data-flow dependent variable is compared against a value of a predefined type,
determine that said security-sensitive operation is safe from said predefined type of attack if both of said conditions are true, and
determine that said computer software application is safe from said predefined type of attack if all security-sensitive operations in said computer software application are determined to be safe from said predefined type of attack.

2. The system according to claim 1 wherein said predefined type of attack is a cross-site request forgery attack.

3. The system according to claim 1 wherein said variable identifier and vulnerability identifier are implemented in either of

a) computer hardware configured to perform the functions of said variable identifier and vulnerability identifier, and

b) computer software embodied in a tangible, computer-readable storage medium.

4. The system according to claim 1 wherein said vulnerability identifier is configured to provide a notification that said computer software application is safe from said predefined type of attack.

5. The system according to claim 1 wherein said vulnerability identifier is configured to provide a notification that said computer software application is not safe from said predefined type of attack if said vulnerability identifier determines that fewer than both of said conditions are true regarding said security-sensitive operation.

6. The system according to claim 5 wherein said vulnerability identifier is configured to provide a notification identifying said security-sensitive operation regarding which fewer than both of said conditions are true.

7. The system according to claim 1 and further comprising a defense operation identifier configured to identify said defense operation within said computer software application.

8. The system according to claim 1 and further comprising a security-sensitive instructions identifier configured to identify said security-sensitive operation within said computer software application.

9. The system according to claim 1 wherein said vulnerability identifier is configured to determine that said second condition is true where said predefined type is the value of a query string or any part of said query string.

10. The system according to claim 1 wherein said vulnerability identifier is configured to determine that said second condition is true where said predefined type is the value of an HTTP POST or GET parameter.

11. The system according to claim 1 wherein said vulnerability identifier is configured to determine that said second condition is true where said predefined type is the value of an HTTP header.

12. A method for determining the vulnerability of computer software applications to attacks, the method comprising:

identifying a defense-related variable within a computer software application that is assigned results of a defense operation, wherein said defense operation is configured to defend against a predefined type of attack;

identifying a control-flow predicate dominating a security-sensitive operation within said computer software application, wherein said security-sensitive operation is security-sensitive with respect to said predefined type of attack;

identifying a data-flow dependent variable in said computer software application that is data-flow dependent on said defense-related variable;

determining that a first condition is true if said control-flow predicate uses said data-flow dependent variable to make a branching decision;
determining that a second condition is true if a control-flow path leading to said security-sensitive operation is taken only if said data-flow dependent variable is compared against a value of a predefined type;
determining that said security-sensitive operation is safe from said predefined type of attack if both of said conditions are true; and
determining that said computer software application is safe from said predefined type of attack if all security-sensitive operations in said computer software application are determined to be safe from said predefined type of attack.

13. The method according to claim 12 and further comprising performing said identifying and determining steps wherein said predefined type of attack is a cross-site request forgery attack.

14. The method according to claim 12 wherein said identifying and determining steps are implemented in either of

a) computer hardware configured to perform said identifying and determining steps, and

b) computer software embodied in a tangible, computer-readable storage medium.

15. The method according to claim 12 and further comprising providing a notification that said computer software application is safe from said predefined type of attack.

16. The method according to claim 12 and further comprising providing a notification that said computer software application is not safe from said predefined type of attack if said vulnerability identifier determines that fewer than both of said conditions are true regarding said security-sensitive operation.

17. The method according to claim 16 wherein said step of providing a notification comprises identifying said security-sensitive operation regarding which fewer than both of said conditions are true.

18. The method according to claim 12 and further comprising identifying said defense operation within said computer software application.

19. The method according to claim 12 and further comprising identifying said security-sensitive operation within said computer software application.

20. The method according to claim 12 and further comprising determining that said second condition is true where said predefined type is the value of a query string or any part of said query string.

21. The method according to claim 12 and further comprising determining that said second condition is true where said predefined type is the value of an HTTP POST or GET parameter.

22. The method according to claim 12 and further comprising determining that said second condition is true where said predefined type is the value of an HTTP header.

23. A computer program product for determining the vulnerability of computer software applications to attacks, the computer program product comprising:

a computer-readable storage medium; and

computer-readable program code embodied in said computer-readable storage medium, wherein said computer-readable program code is configured to
identify a defense-related variable within a computer software application that is assigned results of a defense operation, wherein said defense operation is configured to defend against a predefined type of attack;
identify a control-flow predicate dominating a security-sensitive operation within said computer software application, wherein said security-sensitive operation is security-sensitive with respect to said predefined type of attack;
identify a data-flow dependent variable in said computer software application that is data-flow dependent on said defense-related variable;
determine that a first condition is true if said control-flow predicate uses said data-flow dependent variable to make a branching decision;
determine that a second condition is true if a control-flow path leading to said security-sensitive operation is taken only if said data-flow dependent variable is compared against a value of a predefined type;
determine that said security-sensitive operation is safe from said predefined type of attack if both of said conditions are true; and
determine that said computer software application is safe from said predefined type of attack if all security-sensitive operations in said computer software application are determined to be safe from said predefined type of attack.

24. The computer program product according to claim 23 wherein said predefined type of attack is a cross-site request forgery attack.

25. The computer program product according to claim 23 wherein said computer-readable program code is configured to provide a notification that said computer software application is safe from said predefined type of attack.
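The two-condition check recited in claims 1 and 12, applied to cross-site request forgery, as an added example that is not part of the patent or any implementation of it: a toy Python analyzer that parses handler source and decides whether each security-sensitive call is guarded by an equality test between a token-derived variable and a request value. The names `issue_token` and `transfer_funds`, the `request.args`/`form`/`headers` attributes and the sample handlers are assumptions constructed for illustration; data flow is flow-insensitive and only an enclosing `if` is treated as a dominating predicate.

```python
import ast

DEFENSE_OPS, SENSITIVE_OPS = {"issue_token"}, {"transfer_funds"}  # assumed, hypothetical names
REQUEST_ATTRS = {"args", "form", "headers"}  # query string, GET/POST parameter, HTTP header
SAMPLE = '''
def safe(request, session):
    token = issue_token(session)
    expected = token
    if expected == request.form["csrf"]:
        transfer_funds(request.form["to"])
def wrong_compare(request, session):
    token = issue_token(session)
    if token == "constant":
        transfer_funds(request.form["to"])
'''  # constructed handlers: parsed only, never executed

def call_name(n):
    return n.func.id if isinstance(n, ast.Call) and isinstance(n.func, ast.Name) else None
def from_request(n):  # expression reads an attribute named args/form/headers (assumed API)
    return any(isinstance(x, ast.Attribute) and x.attr in REQUEST_ATTRS for x in ast.walk(n))
def dependent_vars(func):  # flow-insensitive fixpoint: variables derived from a defense result
    deps, size = set(), -1
    while len(deps) != size:
        size = len(deps)
        for n in (x for x in ast.walk(func) if isinstance(x, ast.Assign)):
            used = {x.id for x in ast.walk(n.value) if isinstance(x, ast.Name)}
            if call_name(n.value) in DEFENSE_OPS or used & deps:
                deps |= {t.id for t in n.targets if isinstance(t, ast.Name)}
    return deps

def guard_ok(test, deps):  # condition 1: uses a dependent variable; condition 2: == request value
    ok = isinstance(test, ast.Compare) and len(test.ops) == 1 and isinstance(test.ops[0], ast.Eq)
    pairs = [(test.left, test.comparators[0]), (test.comparators[0], test.left)] if ok else []
    return any(isinstance(a, ast.Name) and a.id in deps and from_request(b) for a, b in pairs)

def visit(stmts, guards, deps, out):  # guards: predicates whose true branch encloses stmts
    for s in stmts:
        if isinstance(s, ast.If):
            visit(s.body, guards + [s.test], deps, out)
            visit(s.orelse, guards, deps, out)
        else:  # ifs nested in loops/try are not tracked, so such calls are judged conservatively
            for c in (c for c in ast.walk(s) if call_name(c) in SENSITIVE_OPS):
                out[c.lineno] = any(guard_ok(g, deps) for g in guards)
    return out
def analyze(source):  # {function name: {line of sensitive call: safe?}}
    return {f.name: visit(f.body, [], dependent_vars(f), {})
            for f in ast.parse(source).body if isinstance(f, ast.FunctionDef)}
def app_is_safe(report):  # application is safe only if every sensitive operation is
    return all(ok for ops in report.values() for ok in ops.values())
```

Guards written as an early return (`if token != ...: return`) or joined with `and` are reported as unsafe by this sketch, which errs toward false positives rather than missed findings.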