Automated user interaction in application assessment

US 7,647,631 B2
Filed: 12/07/2004
Issued: 01/12/2010
Est. Priority Date: 12/10/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for performing a vulnerability assessment of a computer application that is accessible through a network as a web application by monitoring user interactions with the computer application through a network application and storing at least portions of the user interactions for playback during a vulnerability assessment, the method comprising the steps of:

invoking a network application used to interact with the computer application through the use of a plurality of winsocks;

searching the network application to discover where at least some of the plurality of winsocks reside in memory;

setting a breakpoint at the start of at least one of the of the discovered winsocks;

detecting the occurrence of hitting breakpoints as the result of user interactions with the web application through the network application;

in response to each detection of hitting a breakpoint;

suspending operation of the network application;

probing the network application to obtain data identifying the user interactions with a web application;

recording the obtained data as recorded interactions; and

resuming operation of the network application; and

playing back the user interactions to simulate a user interacting with the computer application through the network application, to perform a vulnerability assessment of the web application using the recorded interactions.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of systems, methods, software tools, etc. for performing an assessment of an application are provided. One embodiment comprises a method for performing an assessment of a web application. One such method comprises: recording user interactions with a web application; and playing back the user interactions to perform an assessment of the web application.

55 Citations

View as Search Results

21 Claims

1. A method for performing a vulnerability assessment of a computer application that is accessible through a network as a web application by monitoring user interactions with the computer application through a network application and storing at least portions of the user interactions for playback during a vulnerability assessment, the method comprising the steps of:
- invoking a network application used to interact with the computer application through the use of a plurality of winsocks;
  
  searching the network application to discover where at least some of the plurality of winsocks reside in memory;
  
  setting a breakpoint at the start of at least one of the of the discovered winsocks;
  
  detecting the occurrence of hitting breakpoints as the result of user interactions with the web application through the network application;
  
  in response to each detection of hitting a breakpoint;
  
  suspending operation of the network application;
  
  probing the network application to obtain data identifying the user interactions with a web application;
  
  recording the obtained data as recorded interactions; and
  
  resuming operation of the network application; and
  
  playing back the user interactions to simulate a user interacting with the computer application through the network application, to perform a vulnerability assessment of the web application using the recorded interactions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of detecting the occurrence of hitting breakpoints further comprises employing an operating system API to monitor user interactions via the browser.
  - 3. The method of claim 2, wherein the operating system API comprises a debugging functionality.
  - 4. The method of claim 1, wherein the step of playing back the user interactions to perform a vulnerability assessment of the web application comprises:
    - allowing recorded user interactions of the computer application to be selected;
      
      simulating the network application interacting with the computer application by replaying the selected user interactions in various scenarios to perform a vulnerability assessment of the computer application to the user interactions.
  - 5. The method of claim 1, further comprising:
    - receiving a request to commence the recording of user interactions;
      
      recording an authentication procedure used to establish an authenticated connection with the web application; and
      
      receiving a request to stop the recording of user interactions.
  - 6. The method of claim 5, further comprising:
    - determining when an authenticated connection has been lost; and
      
      automatically replaying the authentication procedure to re-establish connection with the computer application.

7. A vulnerability assessment system for assessing the vulnerability of computer applications available over a network as web application, the system comprising:
- a user interaction recorder for capturing interactions between a browser and a web application and storing the interactions into a storage device for future playback, the user interaction recorder being configured to invoke a network application to interact with the computer application, probe the network application to identify the memory location of a plurality of functions used to interface with the computer application over the network, setting breakpoints at one or more of the identified functions so as to allow the user interaction recorder to assume control over the network application when user interaction with the network application results in triggering a breakpoint, further probe the network application to record data of user interactions, and return control to the network application; and
  
  a processor running a playback tool for selectively accessing the recorded data of user interactions in the storage device and automatically repeating at least a subset of the recorded user interactions by simulating a user interacting with the computer application with the recorded interactions for performing a vulnerability assessment of the computer application using the previously recorded user interactions.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The web application assessment system of claim 7, wherein the user interaction recorder comprises a socket recorder that operates to set breakpoints upon the invocation of a winsock.
  - 9. The vulnerability assessment system of claim 8, wherein the socket recorder comprises an operating system debug functionality.
  - 10. The vulnerability assessment system of claim 7, wherein the user interaction recorder comprises a network proxy.
  - 11. The vulnerability assessment system of claim 7, wherein the playback tool interfaces with an assessment agent for performing a vulnerability assessment of the computer application.
  - 12. The vulnerability assessment system of claim 7, wherein the playback tool automatically repeats the recorded interactions for performing a security assessment of the web application.
  - 13. The vulnerability assessment system of claim 7, wherein the user interaction recorder comprises a browser plug-in.
  - 14. The vulnerability assessment system of claim 7, wherein the user interaction recorder comprises an interactive user menu configured to enable a user to specify when the user interaction recorder records user interactions.
  - 15. The vulnerability assessment system of claim 7, further comprising a database of recorded user interactions.
  - 16. The vulnerability assessment system of claim 7, wherein the user interaction recorder records an authentication procedure used to establish an authenticated connection with the computer application.
  - 17. The vulnerability assessment system of claim 16, wherein the playback tool is configured to determine when the authenticated connection has been lost and automatically replay the authentication procedure to re-establish the authenticated connection with the web application.

18. A computer application vulnerability assessment system comprising:
- means for invoking a network application for interacting with the computer application so that a recording of the user interactions can be captured and stored, the network application being invoked by a user interaction recorder that sets breakpoints at strategic points to detect desired user interactions and to suspend the operation of the network application while recording data indicative of the user interactions; and
  
  means for selectively and automatically retrieving and repeating various portions of the captured user interactions for performing a vulnerability assessment of the computer application.

19. A web application vulnerability assessment system comprising:
- a user interaction recorder that invokes and interfaces with a web browser to capture interactions between the web browser and a web application being accessed by the web browser and stores the interactions into a memory storage device, the user interaction recorder interfacing to the web browser by identifying various functions of the web browser that result in network accesses to the web application, setting breakpoints to be triggered upon invoking one or more of these various functions and invoking a debug application to capture the breakpoints and provide control to the user interaction recorder to detect and record user interactions that resulted in invoking the functions; and
  
  a processor executing a web application assessment agent that can access the recorded user interactions in the memory storage device as input for conducting a vulnerability assessment of the web application.
- View Dependent Claims (20, 21)
- - 20. The web application vulnerability assessment system of claim 19, wherein the recorder comprises a browser plug-in.
  - 21. The web application vulnerability assessment system of claim 19, wherein the recorder comprises a socket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Co. (HP Inc.)
Inventors
Sima, Caleb
Primary Examiner(s)
Robinson; Greta L
Assistant Examiner(s)
Weinrich; Brian E

Application Number

US11/007,713
Publication Number

US 20050132232A1
Time in Patent Office

1,862 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Automated user interaction in application assessment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Automated user interaction in application assessment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links