Systems and methods for client-side vulnerability scanning and detection

US 8,752,183 B1
Filed: 07/10/2012
Issued: 06/10/2014
Est. Priority Date: 07/10/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method for testing a vulnerability of a web site, comprising:

receiving a first set of addresses;

identifying a second set of addresses by analyzing a first set of web pages located at the first set of addresses;

identifying a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and associated with a second set of web pages located at the second set of addresses;

probing a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, wherein the third set of web pages is located at the first, second, and third sets of addresses, and the DOM analysis script is inserted into the third set of web pages; and

determining presence of the set of vulnerabilities for the third set of web pages based on a set of results from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments presented herein relate to scanning for and detecting web page vulnerabilities, including cross-site scripting (XSS). Some embodiments are configured to scan for and detect vulnerabilities of a target web page using a client-based approach, which may employ a remotely-controlled web browser application capable of generating a document object model (DOM) for the target web page as it is accessed. Some embodiments may scan for and detect web page vulnerabilities by monitoring the DOM associated with a targeted web page as one or more attack vectors are applied to the target web page. Certain embodiments are capable of detecting web page vulnerabilities independent of the complexity or presence of an event model, or obfuscation of the malicious code (e.g., XSS code). Target web pages that are scanned may include those associated with an application coded in a web browser-supported language, such a Rich Internet Application (RIA).

108 Citations

31 Claims

1. A method for testing a vulnerability of a web site, comprising:
- receiving a first set of addresses;
  
  identifying a second set of addresses by analyzing a first set of web pages located at the first set of addresses;
  
  identifying a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and associated with a second set of web pages located at the second set of addresses;
  
  probing a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, wherein the third set of web pages is located at the first, second, and third sets of addresses, and the DOM analysis script is inserted into the third set of web pages; and
  
  determining presence of the set of vulnerabilities for the third set of web pages based on a set of results from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising inserting the DOM analysis script into each web page in the third set of web pages before probing the third set of web pages.
  - 3. The method of claim 1, wherein the DOM analysis script is inserted into the third set of web pages using a proxy.
  - 4. The method of claim 1, wherein the DOM analysis script is inserted into the third set of web pages by embedding code from the DOM analysis script into code of each web page in the third set of web pages.
  - 5. The method of claim 1, wherein the DOM analysis script is written in JavaScript.
  - 6. The method of claim 1, wherein the DOM analysis script enables monitoring of read access or write access to a document object model (DOM) property, and the DOM property relates to a document object model (DOM) of a web page in which the DOM analysis script is inserted.
  - 7. The method of claim 1, wherein the DOM analysis script is written in a specific scripting language, and the DOM analysis script overwrites an operation native to the specific scripting language such that inspection of a function call, defined using the specific scripting language, is enabled.
  - 8. The method of claim 1, wherein the DOM analysis script is configured to prevent a property change to a document object model (DOM) associated with a web page in which the DOM analysis script is inserted.
  - 9. The method of claim 1, wherein the tested vulnerability comprises a Cross-Site Scripting (XSS) vulnerability.
  - 10. The method of claim 1, wherein the tested vulnerability comprises a document object model (DOM)-based Cross-Site Scripting (DOMXSS) vulnerability.
  - 11. The method of claim 1, further comprising generating the first set of DOMs in association with the first and second sets of web pages by opening the first and second sets of web pages in a web browser context.
  - 12. The method of claim 1, further comprising generating the second set of DOMs in association with the third set of web pages by opening the third set of web pages in a web browser context.
  - 13. The method of claim 1, wherein determining the presence of the set of vulnerabilities based on the set of results comprises matching a result in the set of results with a vulnerability result signature associated with a vulnerability in the set of vulnerabilities.

14. A system for testing a vulnerability of a web site, comprising:
- a processor; and
  
  a non-transitory computer readable medium having instructions embedded therein, the instructions executable by a processor and configured to;
  
  receive a first set of addresses,identify a second set of addresses by analyzing the first set of web pages located at the first set of addresses, andidentify a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and a second set of web pages located at the second set of addresses;
  
  probe a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, anddetermine presence of the set of vulnerabilities for the third set of web pages based on a result from the probing,wherein the third set of web pages is located at the first, second, and third sets of addresses, wherein the DOM analysis script is inserted into the third set of web pages, and wherein the attack vectors are designed to exploit a vulnerability of a web page.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The system of claim 14, the instructions further configured to insert, using a proxy, the DOM analysis script into each web page in the third set of web pages before probing the third set of web pages.
  - 16. The system of claim 14, wherein the DOM analysis script is inserted into the third set of web pages by embedding code from the DOM analysis script into code of each web page in the third set of web pages.
  - 17. The system of claim 14, wherein the DOM analysis script is written in JavaScript.
  - 18. The system of claim 14, wherein the DOM analysis script enables monitoring of read access or write access to a document object model (DOM) property, and the DOM property relates to a document object model (DOM) of a web page in which the DOM analysis script is inserted.
  - 19. The system of claim 14, wherein the DOM analysis script is written in a specific scripting language, and the DOM analysis script overwrites an operation native to the specific scripting language such that inspection of a function call, defined using the specific scripting language, is enabled.
  - 20. The system of claim 14, wherein the DOM analysis script is configured to prevent a property change to a document object model (DOM) associated with a web page in which the DOM analysis script is inserted.
  - 21. The system of claim 14, wherein the tested vulnerability comprises a Cross-Site Scripting (XSS) vulnerability.
  - 22. The system of claim 14, wherein the tested vulnerability comprises a document object model (DOM)-based Cross-Site Scripting (DOMXSS) vulnerability.
  - 23. The system of claim 14, the instructions further configured to generate the first set of DOMs in association with the first and second sets of web pages by opening the first and second sets of web pages in a web browser context.
  - 24. The system of claim 14, the instructions further configured to generate the second set of DOMs in association with the third set of web pages by opening the third set of web pages in a web browser context.
  - 25. The system of claim 14, wherein determining the presence of the set of vulnerabilities based on the set of results comprises matching a result in the set of results with a vulnerability result signature associated with a vulnerability in the set of vulnerabilities.

26. A system for testing a vulnerability of a web site, comprising:
- a processor; and
  
  a non-transitory computer readable medium having instructions embedded therein, the instructions executable by a processor and configured to;
  
  traverse a first set of URLs to a first set of web pages, andidentify a second set of universal resource locators (URLs) from the first set of web pages;
  
  traverse the first and second sets of URLs to a second set of web pages in a web browser context such that a first set of document object models (DOMs) is generated in association with the second set of web pages, andidentify a third set of universal record locators (URLs) based on the first set of document object models (DOMs); and
  
  traverse the first, second, and third sets of URLs to a third set of web pages in the web browser context such that a second set of document object models (DOMs) is generated in association with the third set of web pages and in context of a document object model (DOM) analysis script inserted into the third set of web pages,probe the third set of web pages for presence of a set of vulnerabilities by using the DOM analysis script to analyze the second set of DOMs as a set of attack vectors is applied to the third set of web pages, anddetermine presence of the set of vulnerabilities for the third set of web pages based on a result from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The system of claim 26, the instructions further configured to:
    - traverse a universal resource locater (URL) to a target web page using a web browser application, andprovide a traversal result from the web browser application, wherein the traversal result includes a document object module (DOM) generated for the target web page.
  - 28. The system of claim 26, the instructions further configured to:
    - insert the DOM analysis script into a requested web page as the requested web page is provided through the web browser context.
  - 29. The system of claim 26, wherein the first set of DOMs is generated in association with the second set of web pages and in context of the DOM analysis script inserted into the second set of web pages.
  - 30. The system of claim 29, the instructions further configured to:
    - insert the DOM analysis script into a requested web page as the requested web page is provided through the web browser context.

31. A system for testing a vulnerability of a web site, comprising:
- means for receiving a first set of addresses;
  
  means for identifying a second set of addresses by analyzing a first set of web pages located at the first set of addresses;
  
  means for identifying a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and associated with a second set of web pages located at the second set of addresses;
  
  means for probing a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, wherein the third set of web pages is located at the first, second, and third sets of addresses, and the DOM analysis script is inserted into the third set of web pages; and
  
  means for determining presence of the set of vulnerabilities for the third set of web pages based on a set of results from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hoyt Technologies, Inc.
Original Assignee
Hoyt Technologies, Inc.
Inventors
Heiderich, Mario, Heyes, Gareth, Aranguren-Aznarez, Abraham
Primary Examiner(s)
Dinh, Minh

Application Number

US13/545,890
Time in Patent Office

700 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1483   service impersonation, e.g....

H04L 67/02   based on web technology, e....

Systems and methods for client-side vulnerability scanning and detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

108 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for client-side vulnerability scanning and detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others