Automated security threat testing of web pages
First Claim
1. A method of security testing a web application comprising:
- identifying a web application to be tested;
- generating one or more functional test scripts that are configured to access the web application and to simulate user interaction with the web application;
- executing the one or more functional test scripts on the web application and storing responses from the web application;
- identifying potential security vulnerabilities of the web application based at least in part on the stored responses, wherein said potential security vulnerabilities include session management vulnerability, and authentication/access control vulnerability;
- generating at least one security test script based at least in part from the functional test scripts, where the security test script tests said potential vulnerabilities;
- executing said security test script on said web application;
- logging session identifiers obtained during the execution of the security test script and determining whether the session identifiers are secure;
- analyzing results of said executing said security test script; and
- using the results of said executing said security test script to modify and provide increased security of said web application.
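The claim's later steps, logging the session identifiers issued while a test script walks the application and deciding whether they are secure, can be illustrated with a small checker. The code below is an added example written for this page, not the patent's implementation and not any vendor's tool. It assumes the responses stored by the functional test script are available as a list of (step, Set-Cookie headers) pairs; both runs shown are constructed samples, and the entropy figure is a heuristic that only catches obviously low-variety identifiers.

```python
import math
from typing import Dict, List, Set, Tuple

# Constructed sample data (not real traffic): responses stored while a functional
# test script walked the application. Each entry is (test step, Set-Cookie headers).
WEAK_RUN = [
    ("GET /login",   ["JSESSIONID=100000041; Path=/"]),
    ("POST /login",  ["JSESSIONID=100000041; Path=/"]),   # same id kept across authentication
    ("GET /account", ["JSESSIONID=100000041; Path=/"]),
    ("GET /logout",  ["JSESSIONID=100000042; Path=/"]),   # next id is simply previous + 1
]
HARDENED_RUN = [
    ("GET /login",   ["sid=c3k9Qx7LmZ2pVt8RwY4nH1sB6dF0aJ5e; Path=/; Secure; HttpOnly; SameSite=Lax"]),
    ("POST /login",  ["sid=P9zX2mQ8vL4kT1nR7wB3yH6cJ0dF5sA2; Path=/; Secure; HttpOnly; SameSite=Lax"]),
    ("GET /account", []),
]

Cookie = Tuple[str, str, Dict[str, str]]  # (name, value, attributes keyed in lower case)
Responses = List[Tuple[str, List[str]]]


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header into name, value and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def log_session_ids(responses: Responses, cookie_name: str) -> List[Tuple[str, str, Dict[str, str]]]:
    """The 'logging session identifiers' step: record every issuance of the session cookie."""
    log = []
    for step, headers in responses:
        for header in headers:
            name, value, attrs = parse_set_cookie(header)
            if name == cookie_name:
                log.append((step, value, attrs))
    return log


def estimated_bits(identifier: str) -> float:
    """Per-character Shannon entropy times length. A cheap heuristic that flags
    obviously low-variety identifiers; it cannot prove an identifier is unpredictable."""
    if not identifier:
        return 0.0
    n = len(identifier)
    probs = [identifier.count(c) / n for c in set(identifier)]
    return -sum(p * math.log2(p) for p in probs) * n


def assess_session_ids(responses: Responses, cookie_name: str, auth_step: str,
                       min_bits: float = 64.0) -> List[str]:
    """The 'determining whether the session identifiers are secure' step.
    Returns sorted finding codes; an empty list means no weakness was detected.
    Step names are assumed unique so they can be used to order the log."""
    log = log_session_ids(responses, cookie_name)
    findings: Set[str] = set()

    # Transport and script-access protection of the cookie itself.
    for _step, value, attrs in log:
        if "secure" not in attrs:
            findings.add("missing-secure")
        if "httponly" not in attrs:
            findings.add("missing-httponly")
        if "samesite" not in attrs:
            findings.add("missing-samesite")
        if estimated_bits(value) < min_bits:
            findings.add("low-entropy")

    # Session fixation check: the identifier issued at or after the authentication
    # step must differ from the one the client already held before it.
    order = {step: i for i, (step, _headers) in enumerate(responses)}
    if auth_step in order:
        before = [v for s, v, _a in log if order[s] < order[auth_step]]
        after = [v for s, v, _a in log if order[s] >= order[auth_step]]
        if before and (not after or after[0] == before[-1]):
            findings.add("no-rotation-after-auth")

    # Predictability check across distinct identifiers: purely numeric values that
    # sit within a small distance of each other look like a counter.
    distinct: List[str] = []
    for _s, v, _a in log:
        if v not in distinct:
            distinct.append(v)
    if len(distinct) >= 2 and all(v.isdigit() for v in distinct):
        nums = sorted(int(v) for v in distinct)
        if all(b - a <= 1000 for a, b in zip(nums, nums[1:])):
            findings.add("predictable-sequence")

    return sorted(findings)


if __name__ == "__main__":
    print("weak run:    ", assess_session_ids(WEAK_RUN, "JSESSIONID", "POST /login"))
    print("hardened run:", assess_session_ids(HARDENED_RUN, "sid", "POST /login"))
```

The security test script derived from the functional script is, in this model, the same request sequence replayed with `log_session_ids` capturing each Set-Cookie response; `assess_session_ids` then turns the log into findings that feed the final "modify and provide increased security" step. The 64-bit floor is a placeholder threshold, not a value from the patent.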
Abstract
A method of security testing a web application is presented. The method identifies a web application to be tested, determines potential security vulnerabilities of the web application, generates one or more security tests for testing the potential vulnerabilities, and executes the security test on the web application. The results of the security testing are then used to make the web application less vulnerable to security attacks.
20 Claims
1. A method of security testing a web application comprising: (claim text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A non-transitory computer-readable medium storing computer executable instructions, comprising:
- instructions for identifying a web application to be tested;
- instructions for generating one or more functional test scripts that are configured to access the web application and to simulate user interaction with the web application;
- instructions for executing the one or more functional test scripts on the web application and storing responses from the web application;
- instructions for identifying potential security vulnerabilities of the web application based at least in part on the stored responses, wherein said potential security vulnerabilities include session management vulnerability, and authentication/access control vulnerability;
- instructions for generating at least one security test script based at least in part from the functional test scripts, where the security test script tests said potential vulnerabilities;
- instructions for executing said security test script on said web application;
- instructions for logging session identifiers obtained during the execution of the security test script and determining whether the session identifiers are secure;
- instructions for analyzing results of said executing said security test script; and
- instructions for using the results of said executing said security test script to provide increased security of said web application.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.