DETECTING PERSISTENT VULNERABILITIES IN WEB APPLICATIONS
First Claim
1. A method, comprising:
- storing a test payload to a persistent state of an application;
- performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data; and
- performing a dynamic analysis to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.
Abstract
A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.
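The two-phase idea in the abstract, sketched as an added example (not code from the patent or its assignee). The toy application, the `route_` entry-point convention, the `db` store and the `render` sink are all hypothetical, and path identification is simplified to call-graph reachability.

```python
import ast

# Constructed toy application (hypothetical names): a dict stands in for the
# persistent state, route_* functions are entry points, render() is the sink.
APP_SRC = '''
def load_comment(db, key):
    return db[key]
def render(html, sink_log):
    sink_log.append(html)  # security-sensitive operation: emits HTML
    return html
def route_view(db, key, sink_log):
    text = load_comment(db, key)
    return render("<p>" + text + "</p>", sink_log)
def route_view_safe(db, key, sink_log):
    text = load_comment(db, key).replace("<", "&lt;")
    return render("<p>" + text + "</p>", sink_log)
def route_about(db, key, sink_log):
    return render("<p>about</p>", sink_log)
'''

def calls_of(fn):
    """Names of functions called directly inside one function body."""
    return {n.func.id for n in ast.walk(fn)
            if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)}

def static_candidates(src, store="db", sink="render"):
    """Static phase: entry points that can reach both a store read and the sink."""
    funcs = {f.name: f for f in ast.parse(src).body if isinstance(f, ast.FunctionDef)}
    graph = {name: calls_of(f) for name, f in funcs.items()}
    # First code location: functions that read the persistent store (db[...]).
    readers = {name for name, f in funcs.items()
               if any(isinstance(n, ast.Subscript) and isinstance(n.value, ast.Name)
                      and n.value.id == store for n in ast.walk(f))}
    def reaches(start, targets, seen=()):
        return any(c in targets or (c not in seen and reaches(c, targets, seen + (c,)))
                   for c in graph.get(start, ()))
    return sorted(n for n in funcs if n.startswith("route_")
                  and reaches(n, readers) and reaches(n, {sink}))

def dynamic_confirm(src, entries, payload="<probe-7f3a>"):
    """Dynamic phase: store the test payload, drive each candidate entry point,
    and report those where the payload arrives at the sink unmodified."""
    ns = {}
    exec(src, ns)  # load the constructed toy application
    findings = []
    for name in entries:
        db, sink_log = {"k": payload}, []  # payload written to persistent state
        ns[name](db, "k", sink_log)
        if any(payload in out for out in sink_log):
            findings.append(name)
    return findings
```

The static phase drops `route_about`, which never reads the store, and the dynamic phase then separates `route_view` from `route_view_safe`, whose encoding keeps the probe from reaching the sink intact.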
51 Citations
7 Claims
1. A method, comprising:
- storing a test payload to a persistent state of an application;
- performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data; and
- performing a dynamic analysis to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.

Dependent claims: 2, 3, 4, 5, 6, 7
Specification