System and method for testing web applications with recursive discovery and analysis
Abstract
A recursive web crawling and analysis tool that includes conducting an initial crawl of a target to identify testable or analyzable objects. The objects are then parsed to identify vulnerabilities, as well as additional objects that can be analyzed. An attack is then launched against the analyzable objects in an effort to break or verify the vulnerabilities. During this attack, additional analyzable objects may be discovered. If such additional objects are discovered, the web crawler is invoked on the additional objects as well, and the results of the crawl are fed back into the parser and attacker functions.
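The feedback loop described in the abstract, as an added example that is not taken from the patent. It uses a constructed in-memory site in place of a real target, and models the attack step as a lookup of which objects its responses reveal. All names (CRAWL_LINKS, AUDIT_REVEALS, crawl, audit, scan) are assumptions made for illustration.

```python
from collections import deque

# Constructed in-memory target (no network access). CRAWL_LINKS holds the links a
# plain crawl can follow; AUDIT_REVEALS holds objects that only appear in the
# responses received while an object is being audited.
CRAWL_LINKS = {
    "/": ["/login", "/search"],
    "/login": [],
    "/search": ["/search?q=a"],
    "/search?q=a": [],
    "/admin/export": ["/admin/export?fmt=csv"],
    "/admin/export?fmt=csv": [],
    "/debug/trace": [],
}
AUDIT_REVEALS = {
    "/login": ["/admin/export"],
    "/admin/export?fmt=csv": ["/debug/trace"],
    "/debug/trace": ["/"],  # cycle back to the start: must not loop forever
}

def crawl(start, sessions):
    """Step (b): breadth-first crawl; each new object goes into the sessions table."""
    queue, found = deque([start]), []
    while queue:
        obj = queue.popleft()
        if obj in sessions:  # already recorded, so cycles terminate here
            continue
        sessions[obj] = {"audited": False}
        found.append(obj)
        queue.extend(CRAWL_LINKS.get(obj, []))
    return found

def audit(obj, sessions):
    """Step (c), modelled as a lookup: mark the object audited and return
    whatever additional objects its audit responses exposed."""
    sessions[obj]["audited"] = True
    return AUDIT_REVEALS.get(obj, [])

def scan(target, recursive=True):
    """Steps (a)-(d): with recursive=True, objects found during the audit are
    crawled (step (b) again) and their results join the audit queue."""
    sessions = {}
    pending = deque(crawl(target, sessions))
    while pending:
        for extra in audit(pending.popleft(), sessions):
            if recursive and extra not in sessions:
                pending.extend(crawl(extra, sessions))
    return sessions
```

Comparing `scan("/", recursive=False)` with `scan("/")` shows the coverage a single crawl-then-audit pass leaves untested on this constructed site.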
18 Claims
1. A method for testing web applications with recursive discovery and analysis comprising the steps of:
(a) receiving a target;
(b) crawling the target to discover analyzable objects;
(c) conduct attack sequences on the analyzable objects;
(d) discovering an additional analyzable object during the attack, and continuing at step (b) with the additional analyzable object.
Dependent claims: 2, 3, 4, 5, 6.

7. A method for testing web applications with recursive discovery and analysis comprising the steps of:
(a) receiving a target;
(b) crawling the target to discover analyzable objects;
(c) conduct attack sequences on the analyzable objects;
(d) discovering additional analyzable objects during the attack, and
(e) continuing at step (b) with each additional analyzable object.
Dependent claims: 8.

9. A system for testing web applications with recursive discovery and analysis, the system comprising:
a sessions table for housing sessions;
a crawler that is operable to:
    retrieve information from the sessions table and to examine web items associated with the session information; and
    entering additional sessions identified into the sessions table;
a request queue that is operable to:
    extract unsent session information from the sessions table and to exercise the web application using the extracted session information; and
    receive response information from the web application and enter the response information into the sessions table in a manner to associate the response with the extracted session information;
a parser operative to:
    extract session information from the sessions table and search the session information to identify vulnerabilities and sessions; and
    enter identified vulnerabilities and sessions into the sessions table; and
an application audit that is operable to attack the web application by applying the session information within the sessions table.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.

18. A method for analyzing web based objects using recursive discovery and analysis, the method comprising the steps of:
(a) receiving a web-based address of a target;
(b) crawling the target starting at the web-based address to discover analyzable objects;
(c) parsing each analyzable object to identify a first additional object;
(d) conduct attack sequences on each analyzable objects;
(d) discovering a second additional analyzable object during the attack, and continuing at step (b) with the first and second additional analyzable object.

Specification