Security Testing Using Semantic Modeling

US 20150096033A1
Filed: 09/30/2013
Published: 04/02/2015
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1-10. -10. (canceled)

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application'"'"'s vulnerabilities to the first type of attack or a second type of attack.

15 Citations

View as Search Results

16 Claims

1-10. -10. (canceled)

11. A system for optimized testing of vulnerabilities in an application, the system comprising:
- a logic unit for generating a first probe directed to determine whether an application is vulnerable to a first type of attack;
  
  a logic unit for analyzing one or more responses from the application based on the application responding to the first probe; and
  
  a logic unit that in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, generates at least a second probe to further verify the first hypothesis, wherein the second probe focuses on discovering additional details about the application'"'"'s vulnerabilities to the first type of attack or a second type of attack.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein one or more responses from the application based on the application responding to the second probe are analyzed to determine whether the first hypothesis is accurate.
  - 13. The system of claim 11, wherein one or more responses from the application based on the application responding to the second probe are analyzed to determine whether the first hypothesis is accurate, within a first degree of certainty.
  - 14. The system of claim 13, wherein if it is determined that the first hypothesis is accurate with in the first degree of certainty, then it is concluded that the application is vulnerable to at least the first type of attack.
  - 15. The system of claim 11, wherein a test tool is utilized to generate one or more probes targeting the application.

16-20. -20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Globalfoundries US Incorporated (GlobalFoundries, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Beskrovny, Evgeny, Landa, Alexander, Tripp, Omer

Granted Patent

US 9,390,269 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 11/3668   Software testing software t...

G06F 11/3672   Test management

G06F 21/577   Assessing vulnerabilities a...

H04L 41/28   Restricting access to netwo...

H04L 63/1433   Vulnerability analysis

Security Testing Using Semantic Modeling

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Security Testing Using Semantic Modeling

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links