BROWSER BASED METHOD OF ASSESSING WEB APPLICATION VULNERABILITY

US 20100050263A1
Filed: 08/25/2008
Published: 02/25/2010
Est. Priority Date: 08/25/2008
Status: Active Grant

First Claim

Patent Images

1. A method of assessing the vulnerability of a web form, said web form comprising one or more elements loaded from a server to a browser, said method comprising the steps of:

monitoring one or more HTTP requests transmitted from said browser to said server;

analyzing said one or more HTTP requests to detect one or more elements to be analyzed;

executing one or more security vulnerability tests for said one or more elements to be analyzed; and

displaying the results of said one or more security vulnerability tests.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A novel and useful mechanism and method for assessing the vulnerability of web applications while browsing the application. As a user interacts with the web application, HTTP requests are sent from the browser to the web server. Each HTTP request is analyzed to determine if its associated elements need testing. Vulnerability assessment tests are sent to the server. Test results are then returned to the browser, where they are analyzed, displayed and/or stored in a log file.

Citations

25 Claims

1. A method of assessing the vulnerability of a web form, said web form comprising one or more elements loaded from a server to a browser, said method comprising the steps of:
- monitoring one or more HTTP requests transmitted from said browser to said server;
  
  analyzing said one or more HTTP requests to detect one or more elements to be analyzed;
  
  executing one or more security vulnerability tests for said one or more elements to be analyzed; and
  
  displaying the results of said one or more security vulnerability tests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein said one or more HTTP requests are issued by an element of said web form.
  - 3. The method according to claim 1, wherein one or more of said one or more elements is not displayed on said web form.
  - 4. The method according to claim 1, wherein said step of analyzing comprises the steps of:
    - generating one or more tests for each of said one or more elements to be analyzed;
      
      transmitting said one or more tests to said server; and
      
      receiving a response to each of said one or more tests.
  - 5. The method according to claim 4, wherein said step of generating is executed by said browser.
  - 6. The method according to claim 4, wherein said step of transmitting is executed by said browser
  - 7. The method according to claim 2, wherein said step of receiving is executed by said browser.
  - 8. The method according to claim 2, wherein said one or more tests are executed by said server.

9. A method of assessing the vulnerability of a web form, said web form comprising one or more elements loaded from a server to a browser, said method comprising the steps of:
- monitoring one or more HTTP requests transmitted from said browser to said server;
  
  analyzing said one or more HTTP requests to detect one or more elements to be analyzed;
  
  executing one or more security vulnerability tests for said one or more elements to be analyzed; and
  
  saving the results of said one or more security vulnerability tests to a log file.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method according to claim 9, wherein said one or more HTTP requests are issued by an element of said web form.
  - 11. The method according to claim 9, wherein said step of analyzing comprises the steps of:
    - generating one or more tests for each of said one or more elements to be analyzed;
      
      transmitting said one or more tests to said server; and
      
      receiving a response to each of said one or more tests.
  - 12. The method according to claim 11, wherein said step of generating is executed by said browser.
  - 13. The method according to claim 10, wherein said step of transmitting is executed by said browser
  - 14. The method according to claim 10, wherein said step of receiving is executed by said browser.
  - 15. The method according to claim 10, wherein said one or more tests are executed by said server.

16. A computer program product for assessing the vulnerability of a web form, said web form comprising one or more elements loaded from a server to a browser, the computer program product comprising:
- a computer usable medium having computer usable code embodied therewith, the computer program product comprising;
  
  computer usable code configured for monitoring one or more HTTP requests transmitted from said browser to said server;
  
  computer usable code configured for analyzing said one or more HTTP requests to detect one or more elements to be analyzed;
  
  computer usable code configured for executing one or more security vulnerability tests for said one or more elements to be analyzed; and
  
  computer usable code configured for displaying any detected the results of said one or more security vulnerability tests.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product according to claim 16, wherein said computer program product comprises a web browser plug-in.
  - 18. The computer program product according to claim 16, wherein said one or more HTTP requests are issued by an element of said web form.
  - 19. The computer program product according to claim 16, wherein one or more of said one or more elements is not displayed on said web form.
  - 20. The computer program product according to claim 16, wherein said computer usable code configured for analyzing comprises:
    - computer usable code configured for generating one or more tests for each of said one or more elements to be analyzed;
      
      computer usable code configured for transmitting said one or more tests to said server; and
      
      computer usable code configured for receiving a response to each of said one or more tests.

21. A computer program product for assessing the vulnerability of a web form, said web form comprising one or more elements loaded from a server to a browser, the computer program product comprising:
- a computer usable medium having computer usable code embodied therewith, the computer program product comprising;
  
  computer usable code configured for monitoring one or more HTTP requests transmitted from said browser to said server;
  
  computer usable code configured for analyzing said one or more HTTP requests to detect one or more elements to be analyzed;
  
  computer usable code configured for executing one or more security vulnerability tests for said one or more elements to be analyzed;
  
  computer usable code configured for saving the results of said one or more security vulnerability tests to a log file; and
  
  computer usable code configured for displaying said log file.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer program product according to claim 21, wherein said computer program product comprises a web browser plug-in.
  - 23. The computer program product according to claim 21, wherein said one or more HTTP requests are issued by an element of said web form.
  - 24. The computer program product according to claim 21, wherein one or more of said one or more elements is not displayed on said web form.
  - 25. The computer program product according to claim 21, wherein said computer usable code configured for analyzing comprises:
    - computer usable code configured for generating one or more tests for each of said one or more elements to be analyzed;
      
      computer usable code configured for transmitting said one or more tests to said server; and
      
      computer usable code configured for receiving a response to each of said one or more tests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
International Business Machines Corporation
Inventors
WEISMAN, Omri

Granted Patent

US 9,264,443 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

BROWSER BASED METHOD OF ASSESSING WEB APPLICATION VULNERABILITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

BROWSER BASED METHOD OF ASSESSING WEB APPLICATION VULNERABILITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links