DETECTING PERSISTENT VULNERABILITIES IN WEB APPLICATIONS
1 Assignment
0 Petitions
Accused Products
Abstract
A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.
-
Citations
21 Claims
-
1-7. -7. (canceled)
-
8. An apparatus, comprising:
-
a memory; and a processor coupled to the memory and configured to; store a test payload to a persistent state of an application; perform a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data; and perform a dynamic analysis to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product, the computer program product comprising:
-
a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising; computer readable program code configured to store a test payload to a persistent state of an application; computer readable program code configured to perform a static analysis to identify a first code location in the application that retrieves the data, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data; and computer readable program code configured to perform a dynamic analysis to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification