Fuzz testing and attack-surface scoping for URI handlers and pluggable protocols
Abstract
Systems and methods for testing uniform resource identifier protocols, comprising a fuzzer that can accept an input, and produce a fuzzed uniform resource identifier (URI), and a debugger that monitors effects of invoking the fuzzed uniform resource identifier. The input can comprise a directory containing a plurality of valid uniform resource identifier bodies, which can be fuzzed and invoked. The debugger can monitor a target application as well as other applications and/or processes affected by the uniform resource identifier as invoked.
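The loop the abstract describes (fuzz a valid body, prepend the header, invoke, monitor, feed a suggestion back to the fuzzer), as an added Python example that is not code from the patent. The `demoapp:` scheme, `target_handler`, the four mutators and the scoring policy are assumptions made for illustration, and an in-process exception catch stands in for the debugger.

```python
HEADER = "demoapp:"  # hypothetical scheme: the "URI header" of the claims
VALID_BODIES = ["open?file=report.txt", "print?copies=2",
                "print?copies=10&duplex=1"]  # constructed seed corpus

def target_handler(uri):
    """Constructed stand-in for the application registered for HEADER."""
    action, _, query = uri.split(":", 1)[1].partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if p)
    if action == "print":
        return "printed %d" % int(params["copies"])
    return "opened " + params.get("file", "")

MUTATORS = {  # each turns a valid body into a fuzzed body (assumed set)
    "append_long": lambda b: b + "A" * 4096,
    "dup_param": lambda b: b + "&" + b.split("?", 1)[1],
    "drop_query": lambda b: b.split("?", 1)[0],
    "strip_equals": lambda b: b.replace("=", ""),
}

def monitor(uri):
    """Stand-in for the debugger: invoke the URI, return the fault class or None."""
    try:
        target_handler(uri)
    except Exception as exc:  # a real monitor would watch the process itself
        return type(exc).__name__
    return None

def fuzz(per_body=2, feedback=True):
    score = {name: 0 for name in MUTATORS}  # the monitor's running suggestion
    findings = []
    for body in VALID_BODIES:
        # Suggested fuzzing for this body: best-scoring mutators first (stable sort).
        order = sorted(MUTATORS, key=lambda n: -score[n])
        for name in order[:per_body]:
            uri = HEADER + MUTATORS[name](body)  # header + fuzzed body
            effect = monitor(uri)
            if effect:
                findings.append((name, effect, uri[:40]))
            if feedback:  # assumed policy: reward faults, penalise no-ops
                score[name] += 1 if effect else -1
    return findings

if __name__ == "__main__":
    for row in fuzz():
        print(row)
    print("findings without feedback:", len(fuzz(feedback=False)))
```

With two invocations per body, the feedback run reaches four faulting URIs while the fixed-order run reaches one, because mutators that produced no effect on the first body are deprioritised for the bodies that follow.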
20 Claims
1. A computer-implemented system comprising:
a processor configured to execute computer-executable instructions; and
memory storing computer-executable instructions for:
fuzzing, by a fuzzer, at least one valid uniform resource identifier body to generate a fuzzed uniform resource identifier body;
appending a uniform resource identifier header to the fuzzed uniform resource identifier body to create a fuzzed uniform resource identifier;
monitoring, by a debugger, a target application for effects of invocation of the fuzzed uniform resource identifier; and
automatically outputting, by the debugger to the fuzzer, suggested fuzzing for one or more subsequent valid uniform resource identifier bodies based, at least, on monitored effects of the invocation of the fuzzed uniform resource identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-implemented method comprising:
fuzzing, by a fuzzer on a computing device, at least one valid uniform resource body to generate a fuzzed uniform resource identifier body;
appending a uniform resource identifier header to the fuzzed uniform resource identifier body to create a fuzzed uniform resource identifier;
monitoring, by a debugger on the computing device, a target application for effects of invocation of the fuzzed uniform resource identifier; and
automatically outputting, by the debugger to the fuzzer, suggested fuzzing for one or more subsequent valid uniform resource identifier bodies based, at least, on monitored effects of the invocation of the fuzzed uniform resource identifier.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer-readable memory storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform operations comprising:
fuzzing, by a fuzzer on the computing device, at least one valid uniform resource identifier body to generate a fuzzed uniform resource identifier body;
appending a uniform resource identifier header to the fuzzed uniform resource identifier body to create a fuzzed uniform resource identifier;
monitoring, by a debugger on the computing device, a target application for effects of invocation of the fuzzed uniform resource identifier; and
automatically outputting, by the debugger to the fuzzer, suggested fuzzing for one or more subsequent valid uniform resource identifier bodies based, at least, on monitored effects of the invocation of the fuzzed uniform resource identifier.
Dependent claims: 18, 19, 20
Specification