Integrated crawling and auditing of web applications and web content
Abstract
A vulnerability assessment tool that is operative to analyze web sites by simultaneously operating a crawling process and an audit process. Once the crawling process is invoked, the results are provided to the audit process. The audit process, rather than waiting until the crawl process is completed, simultaneously audits the web site based on the already provided crawl results. The results of the audit are also fed back to the crawl process to further enhance the crawl.
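The crawl/audit feedback loop described in the abstract, together with the queue-depth allocation recited in the independent claims, as an added sketch that is not code from the patent. The in-memory site, the audit lookup table, the worker budget and all function names are assumptions. Scheduling rounds stand in for the concurrently running processes.

```python
from collections import deque

# Constructed in-memory site: page -> links a plain crawl can see.
SITE = {
    "/": ["/login", "/search"],
    "/login": [],
    "/search": ["/item?id=1"],
    "/item?id=1": [],
    "/admin/backup": ["/admin/backup/old.zip"],
    "/admin/backup/old.zip": [],
}
# Constructed audit output: URLs an audit of a page reveals that nothing links to.
AUDIT_DISCOVERS = {"/login": ["/admin/backup"]}

def split_budget(budget, crawl_depth, audit_depth):
    """Split workers by queue depth; every non-empty queue gets at least one."""
    total = crawl_depth + audit_depth
    if total == 0:
        return 0, 0
    crawl = round(budget * crawl_depth / total)
    if crawl_depth:
        crawl = max(crawl, 1)
    if audit_depth:
        crawl = min(crawl, budget - 1)
    return crawl, budget - crawl

def scan(start, budget=4):
    """Interleave crawl and audit; return (seen URLs, findings, allocations)."""
    crawl_q, audit_q = deque([start]), deque()
    seen, findings, allocations = {start}, [], []
    def enqueue(links):
        for link in links:
            if link not in seen:
                seen.add(link)
                crawl_q.append(link)
    while crawl_q or audit_q:
        n_crawl, n_audit = split_budget(budget, len(crawl_q), len(audit_q))
        allocations.append((n_crawl, n_audit))
        for _ in range(min(n_crawl, len(crawl_q))):
            url = crawl_q.popleft()
            audit_q.append(url)            # crawl result is queued for audit
            enqueue(SITE.get(url, []))
        for _ in range(min(n_audit, len(audit_q))):
            url = audit_q.popleft()
            discovered = AUDIT_DISCOVERS.get(url, [])
            if discovered:
                findings.append((url, discovered))
            enqueue(discovered)            # audit result feeds the crawl
    return seen, findings, allocations
```

Calling `scan("/")` reaches the two `/admin/backup` pages only because the audit of `/login` feeds its discovery back into the crawl queue before the crawl has finished; a crawl that ignored audit output would stop at the four linked pages.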
15 Claims
1. A method for performing a vulnerability assessment of a target object, the method comprising the steps of:
- identifying a target object to assess;
- initiating a crawling process on the identified object;
- storing the results of the crawling process into a queue in a memory storage device;
- initiating an audit process while the crawling process is still in operation and additional results of the crawling process are being stored into the memory storage device;
- extracting one or more stored results of the crawling process from the memory storage device and providing them to the audit process;
- storing the results of the audit process into the memory storage device;
- extracting the stored results of the audit process from the memory storage device and providing them to the crawling process, while the crawling process is still in operation, for further crawling; and
- allocating processing power to the co-operating crawling process and the audit process based on the number of results existing in the queue.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for assessing the vulnerability of a target object, the system comprising:
- a memory device;
- a crawler process, communicatively coupled to the memory device and operative to conduct a crawl of the target object and store the results of the crawl into the memory device;
- a scanner process, communicatively coupled to the crawler process and operative to invoke the crawler process by providing the identity of the target object;
- an audit process, communicatively coupled to the memory device and operative to conduct an audit simultaneously with the operation of the crawler process by extracting the results of the crawler process from the memory device while the crawler process continues to add new results to the memory device; and
- a plurality of audit engines invoked by the audit process and operative to perform various attacks on the target object, wherein the audit process is further operative to obtain attack results from the plurality of audit engines and provide at least a portion of the attack results as further input to the crawler process while the crawler process is still operating, and wherein the audit process is further operative to store the attack results into the memory device and the scanner process is further operative to allocate processing power between the crawling process and the auditing process based at least in part on the number of crawling results and attack results stored in the memory device.
Dependent claims: 9, 10, 11, 12, 13
14. A method for performing a vulnerability assessment of a target object and providing results thereof to a user, the method comprising the steps of:
- receiving input identifying a target object to assess;
- conducting a crawling process on the identified object;
- storing the results of the crawling process into a queue in a memory storage device;
- conducting an audit process while the crawling process is still in operation and results are still being stored into the memory storage device;
- extracting one or more of the stored results of the crawling process from the memory storage device and providing them to the audit process;
- storing the results of the audit process into the memory storage device;
- extracting the stored results of the audit process from the memory storage device and providing them to the crawling process, while the crawling process is still in operation, for further crawling; and
- allocating processing power to the co-operating crawling process and the audit process based on the number of results existing in the queue.
Dependent claims: 15
Specification