Patent attributes
Security auditing of an application is performed based on object data associated with the application. An application is executed on a physical or emulated host device, and assembly code is generated for the executing application. The assembly code is analyzed to identify objects associated with the application, and to identify relationships between the objects. Data stored in member variables of the objects is retrieved by setting analysis points at which to extract member variable data during execution of the application. Based on the object data, relationship data, and retrieved member variable data, potential security risks are identified for the application. Security risks may include access of data on the host device and external communication of the accessed data. The application may be instrumented to include logging functionality, or to disable certain features of the application, and deployed to enable further monitoring for security risks.
