Integrated interactive application security testing
Abstract
A method for testing a software application program includes recording a sequence of functional tests that are applied to the program and automatically identifying and collapsing sessions within the recorded functional tests. Modified tests are created by replacing parameters in the collapsed sessions with malicious inputs. The modified tests are applied to the program in order to detect security vulnerabilities in the program.
24 Claims
1. A method for testing a software application program, comprising:
recording a sequence of functional tests that are applied to the program;
automatically identifying and collapsing sessions within the recorded functional tests;
creating modified tests by replacing parameters in the collapsed sessions with malicious inputs; and
applying the modified tests to the program in order to detect security vulnerabilities in the program, wherein applying the modified tests comprises:
adding instrumentation to a version of the program; and
while running the program and applying the modified tests to the version of the program, calling a security handler when the instrumentation generates an event, wherein the security handler detects a suspected vulnerability in the program by analyzing the event and responses of the program to the modified tests.
Dependent claims: 2, 3, 5, 6, 7.
4. A method for testing a software application program, comprising:
recording a sequence of functional tests that are applied to the program, wherein recording the sequence of the functional tests comprises capturing test traffic conveyed over a network between a test station and a server running the program;
automatically identifying and collapsing sessions within the recorded functional tests;
creating modified tests by replacing parameters in the collapsed sessions with malicious inputs; and
applying the modified tests to the program in order to detect security vulnerabilities in the program,
wherein the software application program is a Web application, and wherein capturing the test traffic comprises intercepting Hypertext Transfer Protocol (HTTP) requests sent by the test station and responses returned by the server,
wherein intercepting the HTTP requests and responses comprises identifying a correlation between a variable value of a request parameter in an HTTP request and a response parameter in an HTTP response previous to the HTTP request, and
wherein applying the modified tests comprises generating test requests to the server while using the correlation to set the variable value of the request parameter in the test requests, based on the responses sent by the server during the modified tests.
Dependent claims: 8.
9. Apparatus for testing a software application program, comprising:
a memory, configured to store a recorded sequence of functional tests that are applied to the program; and
a processor, which is configured to automatically identify and collapse sessions within the recorded functional tests, to create modified tests by replacing parameters in the collapsed sessions with malicious inputs, and to apply the modified tests to the program in order to detect security vulnerabilities in the program,
and wherein the processor is configured to add instrumentation to a version of the program, wherein the instrumentation generates events in response to applying the modified tests while running the version of the program, and wherein the processor is configured to detect a suspected vulnerability in the program by analyzing the event and responses of the program to the modified tests.
Dependent claims: 10, 11, 13, 14, 15.
12. Apparatus for testing a software application program, comprising:
a memory, configured to store a recorded sequence of functional tests that are applied to the program;
a processor, which is configured to automatically identify and collapse sessions within the recorded functional tests, to create modified tests by replacing parameters in the collapsed sessions with malicious inputs, and to apply the modified tests to the program in order to detect security vulnerabilities in the program; and
a network interface configured to be coupled to a network,
wherein the processor is configured to record the sequence of the functional tests by capturing, via the network interface, test traffic conveyed over the network between a test station and a server running the program,
wherein the software application program is a Web application, and wherein the test traffic comprises Hypertext Transfer Protocol (HTTP) requests sent by the test station and responses returned by the server, and
wherein the processor is configured to identify a correlation between a variable value of a request parameter in an HTTP request and a response parameter in an HTTP response previous to the HTTP request, and to use the correlation in setting the variable value of the request parameter in test requests submitted to the server, based on the responses sent by the server during the modified tests.
Dependent claims: 16.
17. A computer software product for testing a software application program, the product comprising a non-transitory computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to record a sequence of functional tests that are applied to the program, to automatically identify and collapse sessions within the recorded functional tests, to create modified tests by replacing parameters in the collapsed sessions with malicious inputs, and to apply the modified tests to the program in order to detect security vulnerabilities in the program,
wherein the instructions cause the computer to add instrumentation to a version of the program, wherein the instrumentation generates events in response to applying the modified tests while running the version of the program, and wherein the instructions cause the computer to detect a suspected vulnerability in the program by analyzing the event and responses of the program to the modified tests.
20. A computer software product for testing a software application program, the product comprising a non-transitory computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to record a sequence of functional tests that are applied to the program, to automatically identify and collapse sessions within the recorded functional tests, to create modified tests by replacing parameters in the collapsed sessions with malicious inputs, and to apply the modified tests to the program in order to detect security vulnerabilities in the program,
wherein the instructions cause the computer to record the sequence of the functional tests by capturing test traffic conveyed over a network between a test station and a server running the program, wherein the software application program is a Web application, and wherein the test traffic comprises Hypertext Transfer Protocol (HTTP) requests sent by the test station and responses returned by the server, and
wherein the instructions cause the computer to identify a correlation between a variable value of a request parameter in an HTTP request and a response parameter in an HTTP response previous to the HTTP request, and to use the correlation in setting the variable value of the request parameter in test requests submitted to the server, based on the responses sent by the server during the modified tests.
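The pipeline the claims describe, as an added Python example that is not the patent's implementation: a recorded sequence of functional tests is grouped into sessions and collapsed, each non-session parameter is replaced with a malicious input, the modified tests are replayed, and a security handler fed by instrumentation events and by the responses decides whether a payload reached a sink or came back unchanged. It also covers the correlation of claims 4, 12 and 20: the login response carries a token that later requests must echo, so a replay that reuses the recorded token fails, while a replay that refills the parameter from the live response succeeds. Everything here is constructed: the application under test is an in-process stub (StubApp) whose SQL sink calls the handler directly in place of real instrumentation, the capture (RECORDED) is not real traffic, and the session cookie name sid, the token=... response format and the two payloads are assumptions.

```python
import re
from collections import namedtuple

PAYLOADS = ["' OR '1'='1", "<script>alert(1)</script>"]  # constructed malicious inputs
Exchange = namedtuple("Exchange", "path params cookies response")  # one captured HTTP pair

# Constructed recording of two sessions (assumed cookie 'sid'); each login response carries
# a per-login token that the later requests of that session must echo back.
RECORDED = [
    Exchange("/login", {"user": "alice", "pw": "s3cret"}, {"sid": "S1"}, "welcome token=AAA1"),
    Exchange("/search", {"q": "shoes", "token": "AAA1"}, {"sid": "S1"}, "3 results for shoes"),
    Exchange("/search", {"q": "hats", "token": "AAA1"}, {"sid": "S1"}, "0 results for hats"),
    Exchange("/login", {"user": "bob", "pw": "hunter2"}, {"sid": "S2"}, "welcome token=BBB2"),
    Exchange("/search", {"q": "boots", "token": "BBB2"}, {"sid": "S2"}, "1 results for boots"),
]

class StubApp:
    """Constructed app under test: mints a fresh token per login, concatenates the search term
    into SQL and echoes it unencoded. Instrumentation is simulated by the call at the SQL sink."""
    def __init__(self, handler):
        self.handler, self.tokens, self.logins = handler, {}, 0
    def handle(self, path, params, cookies):
        sid = cookies.get("sid")
        if path == "/login":
            self.logins += 1
            self.tokens[sid] = "T%03d" % self.logins
            return "welcome token=" + self.tokens[sid]
        if path == "/search":
            if params.get("token") != self.tokens.get(sid):
                return "403 bad token"
            sql = "SELECT * FROM items WHERE name = '" + params["q"] + "'"
            self.handler({"sink": "sql", "arg": sql})  # instrumentation event
            return "0 results for " + params["q"]
        return "404"

def identify_sessions(exchanges):
    """Group the recording by session cookie, preserving request order."""
    sessions = {}
    for ex in exchanges:
        sessions.setdefault(ex.cookies.get("sid"), []).append(ex)
    return sessions

def collapse(session):
    """One representative per (path, parameter-name set): 'shoes' and 'hats' are tested once."""
    seen, steps = set(), []
    for ex in session:
        key = (ex.path, tuple(sorted(ex.params)))
        if key not in seen:
            seen.add(key)
            steps.append(ex)
    return steps

def find_correlations(steps):
    """(step, request param) -> name of the earlier-response parameter that supplied its value."""
    corr = {}
    for i, ex in enumerate(steps):
        for name, value in ex.params.items():
            for prev in steps[:i]:
                m = value and re.search(r"(\w+)=" + re.escape(value) + r"\b", prev.response)
                if m:
                    corr[(i, name)] = m.group(1)
    return corr

def replay(app, steps, corr, mutate=None):
    """Replay in order, refilling correlated params from live responses; mutate=(step, param, payload)."""
    live, responses = {}, []
    for i, ex in enumerate(steps):
        params = dict(ex.params)
        for name in params:
            if (i, name) in corr:
                params[name] = live.get(corr[(i, name)], params[name])
        if mutate and mutate[0] == i:
            params[mutate[1]] = mutate[2]
        resp = app.handle(ex.path, params, ex.cookies)
        live.update(re.findall(r"(\w+)=(\w+)", resp))
        responses.append(resp)
    return responses

class SecurityHandler:
    """Analyzes instrumentation events and responses for the test in progress: a payload that
    reaches a sink, or comes back in a response, unchanged is a suspected vulnerability."""
    def __init__(self):
        self.current, self.findings = None, set()
    def __call__(self, event):  # called by the instrumented program
        if self.current and self.current[2] in event["arg"]:
            self.findings.add((self.current[1], self.current[2], event["sink"]))
    def review(self, responses):
        if any(self.current[2] in r for r in responses):
            self.findings.add((self.current[1], self.current[2], "response"))

def run_security_tests(recording=RECORDED):
    """Record -> identify sessions -> collapse -> mutate -> replay; returns sorted findings."""
    handler = SecurityHandler()
    app = StubApp(handler)
    for session in identify_sessions(recording).values():
        steps = collapse(session)
        corr = find_correlations(steps)
        for i, ex in enumerate(steps):
            for name in ex.params:
                if (i, name) in corr:
                    continue  # session-bound values are refilled, not fuzzed
                for payload in PAYLOADS:
                    handler.current = (i, name, payload)
                    handler.review(replay(app, steps, corr, (i, name, payload)))
    return sorted(handler.findings)
```

`run_security_tests()` reports the `q` parameter for both payloads, once because the payload reached the SQL sink unchanged (the event path of claims 1, 9 and 17) and once because it was echoed in the response (the response path). Calling `replay(app, steps, {})` with an empty correlation map is the naive replay: the stub rejects the recorded token with a 403 and the search is never exercised, which is the failure the correlation in claims 4, 12 and 20 exists to avoid. Collapsing is keyed on the parameter-name set rather than the values; a real implementation would also need to decide what counts as the same session when no cookie is present.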