Security Testing Using Semantic Modeling
Abstract
Optimized testing of vulnerabilities in an application is implemented by a method that includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; and, in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
15 Claims
1. A method for optimized testing of vulnerabilities in an application, the method comprising:
generating a first probe directed to determine whether an application is vulnerable to a first type of attack;
analyzing one or more responses from the application based on the application responding to the first probe;
in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, generating at least a second probe to further verify the first hypothesis, wherein the second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer program product comprising a computer readable storage medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
generate a first probe directed to determine whether an application is vulnerable to a first type of attack;
analyze one or more responses from the application based on the application responding to the first probe; and
in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, generate at least a second probe to further verify the first hypothesis, wherein the second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
Dependent claims: 12, 13, 14, 15
Specification