SYSTEM AND METHOD FOR DETECTING SECURITY DEFECTS IN APPLICATIONS

US 20090100518A1
Filed: 09/19/2008
Published: 04/16/2009
Est. Priority Date: 09/21/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for detecting vulnerabilities in a deployed web application, the method comprising:

developing a profile of acceptable behavior for inbound communication and outbound communication of a web application;

receiving a current inbound communication including an inbound user request and a current outbound communication from the web application that is in response to the current inbound communication; and

validating the current inbound communication and the current outbound communication with the profile of acceptable behavior to identify an anomaly, the identified anomaly including an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting vulnerabilities in a deployed web application includes developing a profile of acceptable behavior for inbound communication and outbound communication of a web application. The method also includes receiving a current inbound communication and a current outbound communication from the web application. The current inbound communication includes an inbound user request and the current outbound communication is in response to the current inbound communication. The current inbound communication and the current outbound communication are validated with the profile of acceptable behavior to identify an anomaly. The identified anomaly includes an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.

Citations

21 Claims

1. A method for detecting vulnerabilities in a deployed web application, the method comprising:
- developing a profile of acceptable behavior for inbound communication and outbound communication of a web application;
  
  receiving a current inbound communication including an inbound user request and a current outbound communication from the web application that is in response to the current inbound communication; and
  
  validating the current inbound communication and the current outbound communication with the profile of acceptable behavior to identify an anomaly, the identified anomaly including an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising automatically developing the profile of acceptable behavior.
  - 3. The method of claim 1, further comprising automatically updating the profile of acceptable behavior as users interact with the application.
  - 4. The method of claim 1, further comprising receiving and analyzing the anomaly by at least one threat-detection engine to determine if there is a vulnerability in the web application which caused the anomaly.
  - 5. The method of claim 1, further comprising triggering an alert when an anomaly is identified.
  - 6. The method of claim 5, further comprising sending the alert to a database where it is retrieved for further analysis.
  - 7. The method of claim 5, further comprising sending the alert to a user console for further analysis.
  - 16. The method of claim 1, further comprising a means for automatically developing the profile of acceptable behavior.
  - 17. The method of claim 1, further comprising a means for automatically updating the profile of acceptable behavior as users interact with the application.
  - 18. The method of claim 1, further comprising a means for receiving and analyzing the anomaly by at least one threat-detection engine to determine if there is a vulnerability in the web application which caused the anomaly.
  - 19. The method of claim 1, further comprising a means for triggering an alert when an anomaly is identified.
  - 20. The method of claim 5, further comprising a means for sending the alert to a database where it is retrieved for further analysis.
  - 21. The method of claim 5, further comprising a means for sending the alert to a user console for further analysis.

8. A system for detecting defects in a web application, the system comprising:
- a dynamic profiling module configured to develop a profile of acceptable behavior for inbound communication and outbound communication of a web application; and
  
  a collaborative detection module configured to receive a current inbound communication including an inbound user request and a current outbound communication from the web application that is in response to the current inbound communication, to validate the current inbound communication and the current outbound communication with the profile of acceptable behavior to identify an anomaly, the identified anomaly including an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising an adaptation module configured to monitor the inbound and outbound communication and modify the profile of acceptable behavior during the life of the web application.
  - 10. The system of claim 8, wherein the collaborative detection module further comprises an outgoing detection module configured to monitor and model the web applications behavior independently or in response to users accessing the web application.
  - 11. The system of claim 8, wherein the collaborative detection module further comprises an outgoing detection module configured to monitor and model the web application'"'"'s behavior independently and in response to users accessing the web application.
  - 12. The system of claim 8, wherein the dynamic profiling module is configured to automatically develop the profile of acceptable behavior.
  - 13. The system of claim 9, wherein the adaptation module is configured to automatically update the profile of acceptable behavior as users interact with the application.
  - 14. The system of claim 8, further comprising an analysis and correlation module coupled to the collaborative detection module and configured to receive and analyze the anomaly by at least one threat-detection engine to determine if there is a vulnerability in the web application which caused the anomaly

15. A means for detecting vulnerabilities in a deployed web application, the means comprising:
- a means for developing a profile of acceptable behavior for inbound communication and outbound communication of a web application;
  
  a means for receiving a current inbound communication including an inbound user request and a current outbound communication from the web application that is in response to the current inbound communication; and
  
  a means for validating the current inbound communication and the current outbound communication with the profile of acceptable behavior to identify an anomaly, the identified anomaly including an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Original Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Inventors
Overcash, Kevin

Application Number

US12/234,303
Publication Number

US 20090100518A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

H04L 63/1433   Vulnerability analysis

SYSTEM AND METHOD FOR DETECTING SECURITY DEFECTS IN APPLICATIONS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DETECTING SECURITY DEFECTS IN APPLICATIONS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links