DETERMINING VULNERABILITY OF A WEBSITE TO SECURITY THREATS

US 20160127408A1
Filed: 10/31/2014
Published: 05/05/2016
Est. Priority Date: 10/31/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method for determining a vulnerability of a website to at least one security threat, the method comprising:

providing a user interface (UI);

receiving, via the UI, website data associated with the website;

based on the website data, probing the website with at least one request, the at least one request including at least one security threat signature;

receiving at least one response from the website;

comparing the at least one response to at least one expected response for the at least one request;

based on the comparison, determining the at least one security threat; and

reporting results of the determination for review.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are methods and systems for determining a vulnerability of a website to at least one security threat. An example method can comprise providing a user interface; receiving, via the user interface, website data associated with the website; based on the website data, probing the website with at least one request, with the at least one request including at least one security threat signature; receiving at least one response from the website; comparing the least one response to at least one expected response for the at least one request; based on the comparison, determining the at least one security threat; and reporting results of the determination for review.

11 Citations

20 Claims

1. A method for determining a vulnerability of a website to at least one security threat, the method comprising:
- providing a user interface (UI);
  
  receiving, via the UI, website data associated with the website;
  
  based on the website data, probing the website with at least one request, the at least one request including at least one security threat signature;
  
  receiving at least one response from the website;
  
  comparing the at least one response to at least one expected response for the at least one request;
  
  based on the comparison, determining the at least one security threat; and
  
  reporting results of the determination for review.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the at least one request includes at least one of the following:
    - a Hypertext Transfer Protocol (HTTP) request, a Hypertext Transfer Protocol Secure (HTTPS) request, and a Transmission Control Protocol (TCP) request; and
      
      wherein the security threat includes a Distributed Denial of Service (DDoS) attack.
  - 3. The method of claim 1, wherein the results of determination are reported to a user associated with the website.
  - 4. The method of claim 3, wherein report includes at least one of the following:
    - a list of top vulnerabilities and a comparative analysis of the website with respect to at least one similar website.
  - 5. The method of claim 4, wherein the at least one similar website is determined based on data received from a third party web traffic data provider.
  - 6. The method of claim 1, further comprising providing a management portal.
  - 7. The method of claim 1, wherein the results are provided in a predetermined format.
  - 8. The method of claim 1, wherein the results include further information associated with the at least one security threat.
  - 9. The method of claim 1, further comprising advertising further services associated with the at least one security threat.
  - 10. The method of claim 1, wherein the at least one security threat signature is received from a database or a third party provider.
  - 11. The method of claim 1, further comprising:
    - determining whether previously generated results exist for the website; and
      
      based on the determination, selectively providing the previously generated results.
  - 12. The method of claim 1, further comprising ranking the at least one security threat.
  - 13. The method of claim 1, further comprising classifying the at least one security threat into categories based on corresponding threat levels.
  - 14. The method of claim 1, wherein at least one security threat signature includes at least one of the following:
    - a code, a name, a category, a publication date, an emergence of the attack, a geo location of a botnet, a severity, a gravity of impact, and an attack pattern.
  - 15. The method of claim 1, wherein probing of the website with the at least one request is performed within a predetermined time period to prevent the website from implementing countermeasures.
  - 16. The method of claim 1, wherein the results include at least one of the following:
    - a brief description of the results, threats, and risks.
  - 17. The method of claim 1, further comprising analyzing the at least one security threat on a predetermined periodic basis.

18. A system for determining a vulnerability of a website to at least one security threat, the system comprising:
- a processor configured to;
  
  provide a user interface (UI);
  
  receive, via the UI, website data associated with the website;
  
  based on the website data, probe the website with at least one request, the at least one request including at least one security threat signature;
  
  receive at least one response from the website;
  
  compare the at least one response to at least one expected response for the at least one request;
  
  based on the comparison, determine the at least one security threat; and
  
  report results of the determination for review.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the at least one request includes at least one of the following:
    - a Hypertext Transfer Protocol (HTTP) request, a Hypertext Transfer Protocol Secure (HTTPS) request, and a Transmission Control Protocol (TCP) request; and
      
      wherein the security threat includes a Distributed Denial of Service (DDoS) attack.

20. A non-transitory processor-readable medium having embodied thereon a program being executable by at least one processor to perform a method for determining a vulnerability of a website to at least one security threat, the method comprising:
- providing a user interface (UI);
  
  receiving, via the UI, website data associated with the website;
  
  based on the website data, probing the website with at least one request, the at least one request including at least one security threat signature;
  
  receiving at least one response from the website;
  
  comparing the at least one response to at least one expected response for the at least one request;
  
  based on the comparison, determining the at least one security threat; and
  
  reporting results of the determination for review.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nxlabs Limited
Original Assignee
Nxlabs Limited
Inventors
Miu, Tony, Yam, Reggie, Supan, Elmer, Lee, Wai Leng, Chin, Ryan

Application Number

US14/530,509
Publication Number

US 20160127408A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 63/1458 Denial of Service

DETERMINING VULNERABILITY OF A WEBSITE TO SECURITY THREATS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DETERMINING VULNERABILITY OF A WEBSITE TO SECURITY THREATS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others