Web Application Vulnerability Scanner
Abstract
Disclosed is a method for quickly identifying vulnerabilities in web applications. The method determines website links of interest and evaluates sites for web application vulnerabilities. Both in the selection of links and in their evaluation, the method employs various heuristics to enforce a fast evaluation while requiring minimal resources to run.
20 Claims
1. A method of detecting website vulnerabilities;
- connecting to a website;
- retrieving a webpage from the website;
- identifying a link within the retrieved webpage;
- comparing the identified link to a known database of links to determine a unique link;
- requesting the unique link from a server;
- generating an attack string directed to the requested unique link; and
- identifying security vulnerabilities within the requested unique link.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of detecting website vulnerabilities;
- connecting to a website;
- retrieving a webpage from the website;
- identifying a link within the retrieved webpage;
- comparing the identified link to a known database of links to determine a unique link;
- disposing of links determined not to be unique and characterizing and storing the unique links;
- ending the retrieval of webpages and identification of links therein upon the occurrence of an end condition being selected from the group consisting essentially of a time based event, a determined number of examined links event and a lack of new webpages to crawl;
- requesting the unique link from a server;
- generating an attack string directed to the requested unique link; and
- identifying security vulnerabilities within the requested unique link.
Dependent claims: 12, 13, 14, 15, 16
17. A method of detecting website vulnerabilities;
- connecting to a website;
- retrieving a webpage from the website;
- identifying a link within the retrieved webpage;
- comparing the identified link to a known database of links to determine a unique link;
- ending the retrieval of webpages and identification of links therein upon the occurrence of an end condition selected from the group consisting essentially of a time based event, a determined number of examined links event and a lack of new webpages to crawl;
- requesting the unique link from a server;
- generating an attack string directed to the requested unique link, wherein the generated attack string instructs a plurality of errors is selected from two or more of the vectors groups essentially consisting of structured query languages (SQL), cross-site scripting (XSS), remote file inclusion (RFI) and combinations thereof; and
- identifying security vulnerabilities within the requested unique link.
Dependent claims: 18, 19, 20
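The crawl stage recited in claims 11 and 17 (identify links, keep only unique ones, stop on one of three end conditions) can be sketched as follows. This is an added example, not code from the patent: the `SITE` pages are constructed, and `link_key` (treating links that differ only in query parameter values as the same link), `crawl` and its parameters are assumptions made for illustration.

```python
import time
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl

# Constructed sample site (URL -> HTML) so the example runs offline.
SITE = {
    "http://shop.example/": '<a href="/item?id=1">1</a><a href="/item?id=2">2</a>'
                            '<a href="/about#team">about</a>',
    "http://shop.example/item?id=1": '<a href="/item?id=3&amp;sort=asc">3</a>'
                                     '<a href="http://other.example/">ext</a>',
    "http://shop.example/about": '<a href="/">home</a>',
}

class LinkParser(HTMLParser):
    """Collects href values from anchor tags."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def link_key(url):
    """Assumed uniqueness heuristic: host, path and sorted query parameter names."""
    p = urlsplit(url)
    names = sorted({k for k, _ in parse_qsl(p.query, keep_blank_values=True)})
    return (p.hostname, p.path or "/", tuple(names))

def crawl(start, fetch=SITE.get, max_seconds=5.0, max_links=100):
    """Return (unique links in discovery order, end condition that fired)."""
    host = urlsplit(start).hostname
    known = {link_key(start): start}   # stands in for the known database of links
    queue, examined, deadline = [start], 0, time.monotonic() + max_seconds
    while queue:
        if time.monotonic() >= deadline:
            return list(known.values()), "time"
        current = queue.pop(0)
        parser = LinkParser()
        parser.feed(fetch(current) or "")
        for href in parser.links:
            if examined >= max_links:
                return list(known.values()), "link_count"
            examined += 1
            url = urljoin(current, href).split("#")[0]
            key = link_key(url)
            if urlsplit(url).hostname == host and key not in known:
                known[key] = url       # unique: store it and crawl it later
                queue.append(url)      # anything else is disposed of
    return list(known.values()), "no_new_pages"
```

On the sample site, `/item?id=2` collapses into `/item?id=1`, while `/item?id=3&sort=asc` is kept because its parameter set differs.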