DYNAMICALLY SCANNING A WEB APPLICATION THROUGH USE OF WEB TRAFFIC INFORMATION

US 20130191913A1
Filed: 07/31/2012
Published: 07/25/2013
Est. Priority Date: 01/24/2012
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically scanning a web application, the method comprising:

collecting log file data from at least one log file;

from the collected log file data, generating at least one HTTP request to exercise a web application to perform a security analysis of the web application;

communicating the HTTP request to the web application;

receiving at least one HTTP response to the HTTP request;

analyzing the HTTP response to perform validation of the web application; and

outputting results of the validation.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Collecting log file data from at least one log file. From the collected log file data, at least one HTTP request can be generated to exercise a web application to perform a security analysis of the web application. The HTTP request can be communicated to the web application. At least one HTTP response to the HTTP request can be received. The HTTP response can be analyzed to perform validation of the web application. Results of the validation can be output.

Citations

10 Claims

1. A method of dynamically scanning a web application, the method comprising:
- collecting log file data from at least one log file;
  
  from the collected log file data, generating at least one HTTP request to exercise a web application to perform a security analysis of the web application;
  
  communicating the HTTP request to the web application;
  
  receiving at least one HTTP response to the HTTP request;
  
  analyzing the HTTP response to perform validation of the web application; and
  
  outputting results of the validation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - filtering the collected log file data to remove redundant information from the collected log file data.
  - 3. The method of claim 1, further comprising:
    - transforming at least a portion of the collected log file data into at least one data structure recognizable by the web application; and
      
      including the data structure in the HTTP request.
  - 4. The method of claim 1, wherein the at least one log file comprises a log file maintained by an application client on which a client application is executed to access the web application.
  - 5. The method of claim 1, wherein the at least one log file comprises a log file maintained by a web server that hosts the web application.
  - 6. The method of claim 1, wherein the at least one log file comprises a log file maintained by network infrastructure of a communication network to which an application client on which a client application is executed is communicatively linked.
  - 7. The method of claim 1, wherein the at least one log file comprises a log file maintained by network infrastructure of a communication network to which a web server that hosts the web application is communicatively linked.
  - 8. The method of claim 1, wherein the log file data comprises at least one cookie, the method further comprising:
    - refreshing the cookie for the HTTP request.
  - 9. The method of claim 1, further comprising:
    - identifying at least one URL identified in the collected log file data;
      
      wherein generating the at least one HTTP request comprises submitting in the HTTP request a hazardous payload to the URL.

10-25. -25. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
AMIT, YAIR, KREICHMAN, IGAL, BACHAR, RONEN, GUY, LOTEM, NORDAN, RON, SALTZMAN, ROI, SEGAL, ORI

Granted Patent

US 9,208,309 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

DYNAMICALLY SCANNING A WEB APPLICATION THROUGH USE OF WEB TRAFFIC INFORMATION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMICALLY SCANNING A WEB APPLICATION THROUGH USE OF WEB TRAFFIC INFORMATION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links