BINARY STATIC ANALYSIS OF APPLICATION STRUCTURE TO IDENTIFY VULNERABILITIES

摘要

Described are methods and devices to identify vulnerabilities in a software package that includes two or more build files. The build files include at least an application file and one or more resource files. The method includes scanning the build files to identify strings. Strings that appear in one of the resource files and are not referenced in the application file are labelled orphaned. Strings that appear in the application file and are node defined in any of the resources files are labelled hardcoded. The identity of hardcoded and orphaned strings is output as potential vulnerabilities or data leakage points.