Methodology, system and computer readable medium for analyzing target web-based applications
Abstract
A computerized method, a computer-readable medium and a computerized test system are provided for analyzing target web-based applications, for example, to identify design characteristics of the application which render it susceptible to exploit. Hypertext links within the application are navigated to obtain a listing of associated web pages. Each web page may then be parsed to extract associated traffic data which matches any search items pertaining to sensitive data categories of interest. The extracted traffic data is stored within a storage location to identify a compilation of potentially exploitable design characteristics.
23 Claims

1. A computerized method for analyzing a target web-based application to identify design characteristics which render the target application susceptible to exploit, said computerized method comprising:
a. establishing a set of search items pertaining to sensitive data categories of interest;
b. launching a web browser application on a first network computer;
c. accessing the target application via said web browser application, whereby the target application is hosted by a second network computer;
d. navigating through hypertext links within the target application to obtain a listing of web pages associated with the target application, each web page being characterized by associated HTML traffic; and
e. sequentially, for each respective web page within said listing;
(i) downloading the respective web page from the second network computer;
(ii) parsing the respective web page's HTML traffic to extract traffic data which matches any of said search items; and
(iii) storing said traffic data within a sensitive data storage location, thereby to identify a compilation of said design characteristics.

14. A computerized method for analyzing a target web-based application for potentially exploitable design characteristics, said computerized method comprising:
a. examining HTML traffic that is respectively associated with each of a plurality of navigable web pages of the target application;
b. extracting from said HTML traffic any matching traffic data which satisfies pre-established search criteria; and
c. storing said matching traffic data within a common data storage location thereby to identify the potentially exploitable design characteristics.

17. A computerized method according to claim whereby said HTML traffic includes an associated HTML header and associated HTML code, and whereby examination of the HTML traffic is accomplished by sequentially analyzing each line within both the HTML header and the HTML code to assess satisfaction of the pre-established search criteria.
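
Claims 14 and 17 describe examining each page's HTML header and HTML code line by line against pre-established search criteria and collecting the matches in one store. The following added example (not code from the patent) carries out that procedure over constructed sample responses from an application under review; the search items, category names, sample traffic and the function name `scan_traffic` are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Hypothetical search items grouped by sensitive-data category (assumed, not from the patent).
SEARCH_ITEMS = {
    "credentials": [r"password", r"passwd", r"api[_-]?key"],
    "hidden_fields": [r"type=[\"']hidden[\"']"],
    "server_info": [r"^server:", r"^x-powered-by:"],
    "comments": [r"<!--"],
}

# Constructed sample traffic: page path -> raw response (header, blank line, HTML code).
PAGES = {
    "/login": (
        "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\nContent-Type: text/html\r\n\r\n"
        "<html>\n<!-- TODO remove test account -->\n<form>\n"
        "<input type=\"hidden\" name=\"role\" value=\"user\">\n"
        "<input type=\"password\" name=\"pw\">\n</form>\n</html>"
    ),
    "/about": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html>\n<p>About us</p>\n</html>"
    ),
}


def scan_traffic(pages, search_items):
    """Scan header and code of every page line by line; return matches per category."""
    compiled = {
        cat: [re.compile(p, re.IGNORECASE) for p in pats]
        for cat, pats in search_items.items()
    }
    store = defaultdict(list)  # the common storage location for all pages
    for path, raw in pages.items():
        # The first blank line separates the header from the HTML code.
        header, _, code = raw.partition("\r\n\r\n")
        for section, text in (("header", header), ("code", code)):
            for lineno, line in enumerate(text.splitlines(), 1):
                for cat, patterns in compiled.items():
                    if any(p.search(line) for p in patterns):
                        store[cat].append((path, section, lineno, line.strip()))
    return dict(store)


if __name__ == "__main__":
    for category, hits in scan_traffic(PAGES, SEARCH_ITEMS).items():
        for hit in hits:
            print(category, *hit, sep=" | ")
```

Each stored record keeps the page, the section (header or code) and the line number, so a reviewer can go straight to the line that exposed the data.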

18. A computer-readable medium having executable instructions for performing a method comprising:
a. launching a web browser application on a first network computer;
b. accessing a target application hosted by a second network computer via said web browser application;
c. navigating through hypertext links within the target application to obtain a listing of web pages associated with the target application, each web page being characterized by associated HTML traffic; and
d. sequentially, for each respective web page within said listing;
(i) downloading the respective web page from the second network computer;
(ii) parsing the respective web page's HTML traffic to extract traffic data which matches any of a plurality of pre-established search items; and
(iii) storing said traffic data within a data storage location, thereby to identify a compilation of said design characteristics.

23. A computerized test system for analyzing a target web-based application, comprising:
a. a storage device;
b. a processor programmed to;
i. launch a web browser application on a first network computer;
ii. access a target application hosted by a second network via said web browser application;
iii. navigate through hypertext links within the target application to obtain a listing of web pages associated with the target application, each web page being characterized by associated HTML traffic; and
iv. sequentially, for each respective web page within said listing;
(a) download the respective web page from the second network computer;
(b) parse the respective web page's HTML traffic to extract traffic data which matches any of a plurality of keyword search items; and
(c) store said traffic data within a sensitive data storage location, thereby to identify a compilation of said design characteristics; and
c. an output device for displaying said compilation of design characteristics.