This invention generally relates to malicious software detection. More particularly, the invention relates to improving code coverage for web content and code that is analyzed for security purposes by dynamic code execution.
A typical web page viewed in a browser is no longer a simple static “hypertext page.” Instead, the web page engages the dynamic functionality of the browser, which allows for interactive and animated web sites. This dynamic functionality also opens numerous possibilities for malicious code to exploit the browser and other applications at runtime.
Network security content scanners are inherently limited in their ability to find malicious code. For example, when code is run through a dynamic analyzer or code execution box, some portions of the code potentially go unchecked. This could be the result of different environmental settings, of missing code (e.g., a function is declared but is only called by an external file that was not yet fetched), or a direct result of hackers trying to fool the dynamic analyzer while retaining the ability of the code to run in a normal browser. The browser then executes the unchecked portions of the code, resulting in exploitation of the browser and other applications during runtime.
Therefore, what is needed is a method and system for improving code coverage for web code that is analyzed for security purposes by dynamic code execution.
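The coverage gaps described above can be made visible by instrumenting a script before it is executed in the analyzer and listing the declared functions that never ran. The following is an added illustration, not code from the original text; the sample script, the `__hit` probe, and the function names `instrument` and `uncoveredFunctions` are constructed assumptions, and the regex-based instrumentation stands in for a real parser.

```javascript
// Constructed sample page script (not from the original text).
const SAMPLE = `
function init() { return 1; }
function render() { return 2; }          // reached only under one environment
function onExternalLoad() { return 3; }  // its caller lives in a file never fetched
init();
if (navigator.userAgent.indexOf("MSIE") !== -1) { render(); }
`;

// Insert a probe call at the top of every named function declaration.
// Regex instrumentation is a simplification; a real tool would use a parser.
function instrument(source) {
  const declared = [];
  const code = source.replace(
    /function\s+([A-Za-z_$][\w$]*)\s*\(([^)]*)\)\s*\{/g,
    (match, name) => {
      declared.push(name);
      return match + ` __hit(${JSON.stringify(name)});`;
    }
  );
  return { code, declared };
}

// Execute the instrumented script against a stub environment and
// return the declared functions that were never executed.
function uncoveredFunctions(source, userAgent) {
  const { code, declared } = instrument(source);
  const hits = new Set();
  // The stub "navigator" models the analyzer's environmental settings.
  const run = new Function("__hit", "navigator", code);
  run((name) => hits.add(name), { userAgent });
  return declared.filter((name) => !hits.has(name));
}

console.log(uncoveredFunctions(SAMPLE, "Analyzer/1.0"));
console.log(uncoveredFunctions(SAMPLE, "Mozilla/4.0 (compatible; MSIE 8.0)"));
```

Functions reported under every environment (here `onExternalLoad`) correspond to the missing-code case, while those reported under only some environments (here `render`) correspond to the environmental-settings case.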