Internet security analysis system and process

US 6,996,845 B1
Filed: 11/28/2000
Issued: 02/07/2006
Est. Priority Date: 11/28/2000
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A process of detecting security vulnerabilities present in a target Web site, comprising:

establishing an Internet connection with the target Web site;

retrieving a default Web page for the target Web site;

parsing through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page;

automatically passing an authorized username and password to the target Web site, if required to gain access to the target Web site;

scanning the target Web site for at least one known exploit in order to identify security vulnerabilities;

applying at least one predetermined hack method to the target Web site in order to identify security vulnerabilities; and

outputting the security vulnerabilities.

View all claims

11 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

An automated Web security analysis system and process identifies security vulnerabilities in a target Internet Web site by parsing through the target Web site to search for a predetermined list of common security vulnerabilities. The process is recursive, exploiting information gathered throughout the process to search for additional security vulnerabilities. A prioritized list of detected security vulnerabilities is then presented to a user, including preferably a list of recommendations to eliminate the detected security vulnerabilities.

128 Citations

View as Search Results

66 Claims

1. A process of detecting security vulnerabilities present in a target Web site, comprising:
- establishing an Internet connection with the target Web site;
  
  retrieving a default Web page for the target Web site;
  
  parsing through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page;
  
  automatically passing an authorized username and password to the target Web site, if required to gain access to the target Web site;
  
  scanning the target Web site for at least one known exploit in order to identify security vulnerabilities;
  
  applying at least one predetermined hack method to the target Web site in order to identify security vulnerabilities; and
  
  outputting the security vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. the method of claim 1, further comprising scanning at least one of the security vulnerabilities for at least one known exploit in order to identify further security vulnerabilities.
  - 3. The method of claim 1, further comprising parsing through the linked-to Web pages to identify any further-linked-to Web pages or objects which are included in the linked-to Web pages.
  - 4. The method of claim 3, further comprising parsing through the default Web page to identify any hidden Web pages or objects which are included in the hidden Web pages.
  - 5. The method of claim 4, further comprising parsing through the hidden Web-pages to identify any further-hidden Web pages or objects which are included in the further-hidden Web pages.
  - 6. The method of claim 5, further comprising:
    - comparing each hidden Web page and each further-hidden Web page to each linked-to Web page and each further-linked-to Web page; and
      
      identifying each hidden Web page and each further-hidden Web page that is different from the linked-to Web pages and the further-linked to Web pages.
  - 7. The method of claim 3, wherein the parsing through the default Web page and the parsing through the linked-to Web pages include performing a keyword search in order to detect at least one point of interest.
  - 8. The method of claim 7, wherein the at least one point of interest is selected from the group consisting of an administration Web page and a directory list tag.
  - 9. The method of claim 7, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory.
  - 10. The method of claim 3, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory.
  - 11. The method of claim 10, wherein the scanning the target Web site for at least one known exploit includes checking for at least one common filename.
  - 12. The method of claim 11, wherein the at least one common filename is selected from the group consisting of “
    - msadcs.dll” and
      
      “
      
      WS_FTP.LOG.”
  - 13. The method of claim 3, wherein the applying at least one predetermined hack method includes automatically passing multiple usernames and passwords to the target Web site if a login Web page is encountered.

14. A process of detecting security vulnerabilities present in a target Web site, comprising:
- establishing an Internet connection with the target Web site;
  
  retrieving a default Web page for the target Web site;
  
  parsing through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page, wherein the parsing includes performing a keyword search in order to detect at least one point of interest;
  
  scanning the target Web site for at least one known exploit in order to identify security vulnerabilities;
  
  applying at least one predetermined hack method to the target Web site in order to identify security vulnerabilities; and
  
  prioritizing the security vulnerabilities.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The method of claim 14, further comprising parsing through the default Web page to identify any hidden Web pages or objects which are included in the hidden Web pages.
  - 16. The method of claim 15, further comprising parsing through the hidden Web-pages to identify any further-hidden Web pages or objects which are included in the further-hidden Web pages.
  - 17. The method of claim 16, further comprising:
    - comparing each hidden Web page and each further-hidden Web page to each linked-to Web page and each further-linked-to Web page; and
      
      identifying each hidden Web page and each further-hidden Web page that is different from the linked-to Web pages and the further-linked to Web pages.
  - 18. The method of claim 14, further comprising parsing through the linked-to Web pages to identify any further-linked-to Web pages or objects which are included in the linked-to Web pages.
  - 19. The method of claim 18, wherein the at least one point of interest is selected from the group consisting of an administration Web page and a directory list tag.
  - 20. The method of claim 18, further comprising scanning at least one of the security vulnerabilities for at least one known exploit in order to identify further security vulnerabilities.
  - 21. The method of claim 18, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory.
  - 22. The method of claim 18, further comprising automatically passing an authorized username and password to the target Web site, if required to gain access to the target Web site.
  - 23. The method of claim 18, wherein the applying at least one predetermined hack method includes automatically passing multiple usernames and passwords to the target Web site if a login Web page is encountered.
  - 24. The method of claim 18, wherein the applying at least one predetermined hack method includes passing invalid data to a data entry field of the target Web site and evaluating the result.
  - 25. The method of claim 24, further comprising:
    - recording the invalid data which produces a security vulnerability; and
      
      passing the recorded invalid data to at least one other data entry field of the target Web site.

26. A process of detecting security vulnerabilities present in a target Web site, comprising:
- establishing an Internet connection with the target Web site;
  
  retrieving a default Web page for the target Web site;
  
  parsing through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page;
  
  scanning the target Web site for at least one known exploit in order to identify security vulnerabilities;
  
  applying at least one predetermined hack method to the target Web site in order to identify security vulnerabilities, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory; and
  
  outputting the security vulnerabilities.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. The method of claim 26, further comprising scanning at least one of the security vulnerabilities for at least one known exploit in order to identify further security vulnerabilities.
  - 28. The method of claim 26, further comprising parsing through the linked-to Web pages to identify any further-linked-to Web pages or objects which are included in the linked-to Web pages.
  - 29. The method of claim 28, further comprising parsing through the default Web page to identify any hidden Web pages or objects which are included in the hidden Web pages.
  - 30. The method of claim 29, further comprising parsing through the hidden Web-pages to identify any further-hidden Web pages or objects which are included in the further-hidden Web pages.
  - 31. The method of claim 30, further comprising:
    - comparing each hidden Web page and each further-hidden Web page to each linked-to Web page and each further-linked-to Web page; and
      
      identifying each hidden Web page and each further-hidden Web page that is different from the linked-to Web pages and the further-linked to Web pages.
  - 32. The method of claim 28, wherein the parsing through the default Web page and the parsing through the linked-to Web pages include performing a keyword search in order to detect at least one point of interest.
  - 33. The method of claim 32, wherein the at least one point of interest is selected from the group consisting of an administrative Web page and a directory list tag.
  - 34. The method of claim 33, further comprising automatically passing an authorized username and password to the target Web site, if required to gain access to the target Web site.
  - 35. The method of claim 28, wherein the scanning the target Web site for at least one known exploit includes checking for at least one common filename.
  - 36. The method of claim 35, wherein the at least one common filename is selected from the group consisting of “
    - msadcs.dll” and
      
      “
      
      WS_FTP.LOG.”

37. A system for detecting security vulnerabilities present in a target Web site, comprising:
- memory for storing;
  
  a Web page database;
  
  at least one exploit; and
  
  a security vulnerability database; and
  
  a processor connected to the memory and being configured to;
  
  establish an Internet connection with the target Web site;
  
  retrieve a default Web page for the target Web site;
  
  parse through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page;
  
  automatically pass an authorized username and password to the target Web site, if required to gain access to the target Web site;
  
  scan the target Web site for at least one known exploit in order to identify security vulnerabilities;
  
  apply at least one predetermined hack method to the target Web site in order to identify security vulnerabilities; and
  
  prioritize the security vulnerabilities.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 38. The system of claim 37, wherein the processor is further configured to parse through the linked-to Web pages to identify any further-linked-to Web pages or objects which are included in the linked-to Web pages.
  - 39. The system of claim 38, wherein the processor is further configured to scan at least one of the security vulnerabilities for at least one known exploit in order to identify further security vulnerabilities.
  - 40. The system of claim 39, wherein the processor is further configured to parse through the default Web page to identify any hidden Web pages or objects which are included in the hidden Web pages.
  - 41. The system of claim 40, wherein the processor is further configured to parse through the hidden Web-pages to identify any further-hidden Web pages or objects which are included in the further-hidden Web pages.
  - 42. The system of claim 41, wherein the processor is further configured to:
    - compare each hidden Web page and each further-hidden Web page to each linked-to Web page and each further-linked-to Web page; and
      
      identify each hidden Web page and each further-hidden Web page that is different from the linked-to Web pages and the further-linked to Web pages.
  - 43. The system of claim 38, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory.
  - 44. The system of claim 43, wherein the parsing through the default Web page and the parsing through the linked-to Web pages include performing a keyword search in order to detect at least one point of interest.
  - 45. The system of claim 44, wherein the at least one point of interest is selected from the group consisting of an administrative Web page and a directory list tag.
  - 46. The system of claim 38, wherein the applying at least one predetermined hack method includes automatically passing multiple usernames and passwords to the target Web site if a login Web page is encountered.

47. A system for detecting security vulnerabilities present in a target Web site, comprising:
- memory for storing;
  
  a Web page database;
  
  at least one exploit; and
  
  a security vulnerability database; and
  
  a processor connected to the memory and being configured to;
  
  establish an Internet connection with the target Web site;
  
  retrieve a default Web page for the target Web site;
  
  parse through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page, wherein the parsing includes performing a keyword search in order to detect at least one point of interest;
  
  scan the target Web site for at least one known exploit in order to identify security vulnerabilities;
  
  apply at least one predetermined hack method to the target Web site in order to identify security vulnerabilities; and
  
  output the security vulnerabilities.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 48. The system of claim 47, wherein the processor is further configured to scan at least one of the security vulnerabilities for at least one known exploit in order to identify further security vulnerabilities.
  - 49. The system of claim 47, wherein the processor is further configured to parse through the linked-to Web pages to identify any further-linked-to Web pages or objects which are included in the linked-to Web pages.
  - 50. The system of claim 49, wherein the at least one point of interest is selected from the group consisting of an administrative Web page and a directory list tag.
  - 51. The system of claim 49, wherein the processor is further configured to parse through the default Web page to identify any hidden Web pages or objects which are included in the hidden Web pages.
  - 52. The system of claim 51, wherein the processor is further configured to parse through the hidden Web-pages to identify any further-hidden Web pages or objects which are included in the further-hidden Web pages.
  - 53. The system of claim 52, wherein the processor is further configured to:
    - compare each hidden Web page and each further-hidden Web page to each linked-to Web page and each further-linked-to Web page; and
      
      identify each hidden Web page and each further-hidden Web page that is different from the linked-to Web pages and the further-linked to Web pages.
  - 54. The system of claim 49, wherein the processor is further configured to automatically pass an authorized username and password to the target Web site, if required to gain access to the target Web site.
  - 55. The system of claim 54, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory.
  - 56. The system of claim 49, wherein the applying at least one predetermined hack method includes passing invalid data to a data entry field of the target Web site and evaluating the result.
  - 57. The system of claim 56, wherein the processor is further configured to:
    - record the invalid data which produces a security vulnerability; and
      
      pass the recorded invalid data to at least one other data entry field of the target Web site.

58. A system for detecting security vulnerabilities present in a target Web site, comprising:
- memory for storing;
  
  a Web page database;
  
  at least one exploit; and
  
  a security vulnerability database; and
  
  a processor connected to the memory and being configured to;
  
  establish an Internet connection with the target Web site;
  
  retrieve a default Web page for the target Web site;
  
  parse through the default Web page to identify any linked-to Web pages or objects which are included in the default Web page;
  
  scan the target Web site for at least one known exploit in order to identify security vulnerabilities;
  
  apply at least one predetermined hack method to the target Web site in order to identify security vulnerabilities, wherein the applying at least one predetermined hack method includes attempting to access unauthorized files located outside the target Web site'"'"'s root directory; and
  
  output the security vulnerabilities.
- View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 66)
- - 59. The system of claim 58, wherein the processor is further configured to parse through the linked-to Web pages to identify any further-linked-to Web pages or objects which are included in the linked-to Web pages.
  - 60. The system of claim 59, wherein the processor is further configured to parse through the default Web page to identify any hidden Web pages or objects which are included in the hidden Web pages.
  - 61. The system of claim 60, wherein the processor is further configured to parse through the hidden Web-pages to identify any further-hidden Web pages or objects which are included in the further-hidden Web pages.
  - 62. The system of claim 61, wherein the processor is further configured to:
    - compare each hidden Web page and each further-hidden Web page to each linked-to Web page and each further-linked-to Web page; and
      
      identify each hidden Web page and each further-hidden Web page that is different from the linked-to Web pages and the further-linked to Web pages.
  - 63. The system of claim 62, wherein the parsing through the default Web page and the parsing through the linked-to Web pages include performing a keyword search in order to detect at least one point of interest.
  - 64. The system of claim 63, wherein the at least one point of interest is selected from the group consisting of an administration Web page and a directory list tag.
  - 65. The system of claim 59, wherein the processor is further configured to automatically pass an authorized username and password to the target Web site, if required to gain access to the target Web site.
  - 66. The system of claim 65, wherein the processor is further configured to scan at least one of the security vulnerabilities for at least one known exploit in order to identify further security vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
SPI Dynamics Incorporated (HP Inc.)
Inventors
Sima, Caleb Ikaki, Barrall, Darrin Ray, Hurst, Dennis Wayne
Primary Examiner(s)
Smithers, Matthew

Application Number

US09/722,655
Time in Patent Office

1,897 Days
Field of Search

713/201, 713/200, 726/25, 726/22
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

Internet security analysis system and process

First Claim

11 Assignments

Litigations

0 Petitions

Accused Products

Abstract

128 Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

Internet security analysis system and process

First Claim

11 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links