Security scanner
First Claim
1. A security scanner system that provides automated selection of payloads for a security scan, the security scanner system comprising:
- a computing device including a processing unit and a memory, the processing unit implementing a scan system and an automated payload selection system, the automated payload selection system is operable to:
receive new payloads;
update a list of payloads based on the new payloads;
store the list of payloads to form a list of stored payloads;
select a first set of payloads from the list of stored payloads;
attack a test target with the first set of payloads;
receive a test response for each payload in the first set of payloads from the test target;
determine a second set of payloads from the first set of payloads that generated a valid test response from the test target;
determine a symmetrical difference for each valid test response for the second set of payloads;
cluster the second set of payloads into groups based on the symmetrical differences for the valid test responses for the second set of payloads, wherein payloads within a same group are identified as functionally equivalent; and
select at least one payload from each group to form a third set of payloads, wherein selecting at least one payload from each group to form the third set of payloads includes selecting the payloads at random; and
the scan system is operable to:
attack a security target with the third set of payloads.
Abstract
Systems and methods for automated selection of payloads for use in a security scan of a web application by a security scanner are described herein. More specifically, the systems and methods test potential payloads for a security scan of a given web application on a test application with known security vulnerabilities, evaluate valid responses returned by this test application, determine functionally equivalent responses, group payloads based on the equivalence of their valid responses, and select one or more payloads from each created group for use in the security scan of the given web application.
20 Claims
1. A security scanner system that provides automated selection of payloads for a security scan, the security scanner system comprising:
- a computing device including a processing unit and a memory, the processing unit implementing a scan system and an automated payload selection system, the automated payload selection system is operable to:
receive new payloads;
update a list of payloads based on the new payloads;
store the list of payloads to form a list of stored payloads;
select a first set of payloads from the list of stored payloads;
attack a test target with the first set of payloads;
receive a test response for each payload in the first set of payloads from the test target;
determine a second set of payloads from the first set of payloads that generated a valid test response from the test target;
determine a symmetrical difference for each valid test response for the second set of payloads;
cluster the second set of payloads into groups based on the symmetrical differences for the valid test responses for the second set of payloads, wherein payloads within a same group are identified as functionally equivalent; and
select at least one payload from each group to form a third set of payloads, wherein selecting at least one payload from each group to form the third set of payloads includes selecting the payloads at random; and
the scan system is operable to:
attack a security target with the third set of payloads.
Dependent claims: 2, 3, 4, 5
6. A method for automated selection of payloads for a security scan of a web application by a security scanner, the method comprising:
selecting a first set of payloads from a list of stored payloads;
attacking a test target with the first set of payloads;
receiving a test response for each payload in the first set of payloads from the test target;
determining a second set of payloads that generated a valid test response from the test target;
determining a symmetrical difference for each valid test response for the second set of payloads;
clustering the second set of payloads into groups, the clustering comprising:
comparing each symmetrical difference to a configurable threshold,
classifying payloads of the second set of payloads into one group when the payloads have valid test responses with symmetrical differences that are less than the configurable threshold, and
classifying the payloads of the second set of payloads into different groups when the payloads have valid test responses with symmetrical differences that are more than the configurable threshold, wherein the payloads within a same group are identified as functionally equivalent;
selecting at least one payload from each group to form a third set of payloads, wherein selecting at least one payload from each group to form the third set of payloads comprises:
selecting oldest payloads, selecting human readable payloads, selecting payloads with fewest characters, or selecting random payloads; and
attacking a security target with the third set of payloads.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
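The clustering and selection steps of claim 6, sketched as an added example that is not code from the patent. It assumes each response is modelled as a set of returned tokens, that the symmetric difference is measured against the first response of each group, and that a difference equal to the threshold starts a new group; all names, placeholder payload strings and responses are constructed.

```python
import random

# Constructed sample data: payload id -> opaque placeholder text, oldest first.
PAYLOADS = {
    "p1": "PLACEHOLDER-VARIANT-ONE-LONG",
    "p2": "PLACEHOLDER-TWO",
    "p3": "PLACEHOLDER-VARIANT-THREE",
    "p4": "PLACEHOLDER-4",
    "p5": "PLACEHOLDER-FIVE",
}
# Constructed test-target responses, tokenized into sets (an assumption).
RESPONSES = {
    "p1": {"row:alice", "row:bob", "row:carol"},
    "p2": {"row:alice", "row:bob", "row:carol"},
    "p3": {"row:alice", "row:bob", "row:carol", "row:dave"},
    "p4": {"err:syntax", "trace:line12"},
    "p5": set(),  # returned nothing
}

def is_valid(response):
    """Claim 18's reading: a valid response is one that returned results."""
    return len(response) > 0

def cluster(responses, threshold):
    """Group payload ids whose responses differ by fewer than `threshold` tokens."""
    groups = []  # (reference response, member ids)
    for pid, resp in responses.items():
        if not is_valid(resp):
            continue  # only the "second set" is clustered
        for ref, members in groups:
            if len(ref ^ resp) < threshold:  # size of the symmetric difference
                members.append(pid)
                break
        else:
            groups.append((resp, [pid]))
    return [members for _, members in groups]

def select(groups, payloads, strategy="fewest_chars", rng=None):
    """Pick one representative per group to form the "third set"."""
    order = list(payloads)  # insertion order stands in for payload age
    pick = {
        "oldest": lambda g: min(g, key=order.index),
        "fewest_chars": lambda g: min(g, key=lambda p: (len(payloads[p]), order.index(p))),
        "random": lambda g: (rng or random).choice(g),
    }[strategy]
    return [pick(g) for g in groups]

if __name__ == "__main__":
    groups = cluster(RESPONSES, threshold=2)
    print(groups, select(groups, PAYLOADS))
```

Lowering the threshold to 1 splits `p3` into its own group, so the threshold directly controls how many payloads reach the real scan.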
18. A system for automated selection of payloads for a security scan, the system comprising:
at least one processor; and
one or more computer-readable storage media including computer-executable instructions stored thereon that, responsive to execution by the at least one processor, cause the system to perform operations including:
receiving a security target;
reading attack surfaces for the security target;
determining attack types for the security target based on the attack surfaces;
selecting a first set of payloads from a list of stored payloads based on the attack types;
attacking a test target with the first set of payloads;
receiving a test response for each payload in the first set of payloads from the test target;
determining a second set of payloads that generated a valid test response from the test target, wherein the valid test response is a response that returned results from the test target;
determining a symmetrical difference for each valid test response for the second set of payloads;
clustering the second set of payloads into groups based on the symmetrical difference for the valid test responses for the second set of payloads, wherein payloads within a same group are identified as functionally equivalent;
selecting at least one payload from each group to form a third set of payloads, wherein selecting at least one payload from each group to form the third set of payloads comprises:
selecting oldest payload, selecting human readable payloads, selecting payloads with fewest characters, or selecting random payloads;
attacking the security target with the third set of payloads;
evaluating responses for each of the third set of payloads received from the security target; and
generating a report based on the evaluating of the responses.
Dependent claims: 19, 20
Specification