System for determining web application vulnerabilities
First Claim
1. A method for detecting security vulnerabilities in a web application executing on a web server or web application server, the method comprising:
- actuating the application in order to discover pre-defined elements of the application's interface with external clients;
- generating client requests having unauthorized values for said elements in order to generate exploits unique to the application;
- attacking the application using the exploits; and
- evaluating the results of the attack.
Abstract
A method for detecting security vulnerabilities in a web application includes analyzing the client requests and server responses resulting therefrom in order to discover pre-defined elements of the application's interface with external clients and the attributes of these elements. The client requests are then mutated based on a pre-defined set of mutation rules to thereby generate exploits unique to the application. The web application is attacked using the exploits and the results of the attack are evaluated for anomalous application activity.
Specification