Systems and methods for client-side vulnerability scanning and detection
Abstract
Various embodiments presented herein relate to scanning for and detecting web page vulnerabilities, including cross-site scripting (XSS). Some embodiments are configured to scan for and detect vulnerabilities of a target web page using a client-based approach, which may employ a remotely-controlled web browser application capable of generating a document object model (DOM) for the target web page as it is accessed. Some embodiments may scan for and detect web page vulnerabilities by monitoring the DOM associated with a targeted web page as one or more attack vectors are applied to the target web page. Certain embodiments are capable of detecting web page vulnerabilities independent of the complexity or presence of an event model, or obfuscation of the malicious code (e.g., XSS code). Target web pages that are scanned may include those associated with an application coded in a web browser-supported language, such as a Rich Internet Application (RIA).
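One way the DOM-monitoring step in the abstract could turn a probe into a result, as an added illustration that is not taken from the patent or any product: it classifies where an inert marker value ends up in a DOM snapshot. The snapshot format, the marker `CANARY`, and the names `locateCanary` and `probeVerdict` are assumptions made for this sketch.

```javascript
// Added illustration: DOM snapshots are constructed plain objects
// ({tag, attrs, text, children}); CANARY is a hypothetical inert marker.
const CANARY = "scanprobe-7f3a";
const URL_ATTRS = new Set(["href", "src", "action", "formaction"]);
const EXECUTABLE = new Set(["event-handler", "script-url", "script-body"]);

// Walk a snapshot and record every place the canary landed, with its context.
function locateCanary(node, canary = CANARY, path = "", found = []) {
  const here = `${path}/${node.tag}`;
  for (const [name, raw] of Object.entries(node.attrs || {})) {
    const value = String(raw);
    if (!value.includes(canary)) continue;
    const attr = name.toLowerCase();
    let context = "attribute-value";
    if (attr.startsWith("on")) context = "event-handler";
    else if (URL_ATTRS.has(attr) && /^\s*javascript:/i.test(value)) context = "script-url";
    found.push({ path: `${here}@${attr}`, context });
  }
  if ((node.text || "").includes(canary)) {
    const context = node.tag.toLowerCase() === "script" ? "script-body" : "inert-text";
    found.push({ path: `${here}#text`, context });
  }
  for (const child of node.children || []) locateCanary(child, canary, here, found);
  return found;
}

// Turn the locations into a per-page probe result.
function probeVerdict(dom, canary = CANARY) {
  const hits = locateCanary(dom, canary);
  const executable = hits.filter((h) => EXECUTABLE.has(h.context));
  return {
    verdict: executable.length ? "needs-review" : hits.length ? "reflected-inert" : "not-reflected",
    executable: executable.map((h) => h.path),
  };
}

// Constructed snapshots: one page encodes the value as text, one does not.
const encodedPage = { tag: "body", children: [
  { tag: "p", text: `You searched for ${CANARY}` } ] };
const unsafePage = { tag: "body", children: [
  { tag: "a", attrs: { href: "#", onclick: `track('${CANARY}')` }, text: "next" },
  { tag: "script", text: `var q = "${CANARY}";` } ] };

console.log(probeVerdict(encodedPage), probeVerdict(unsafePage));
```

Because the check reads the DOM the browser actually built, it gives the same answer whether the value arrived through server output or client-side script.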
31 Claims
1. A method for testing a vulnerability of a web site, comprising:
- receiving a first set of addresses;
- identifying a second set of addresses by analyzing a first set of web pages located at the first set of addresses;
- identifying a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and associated with a second set of web pages located at the second set of addresses;
- probing a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, wherein the third set of web pages is located at the first, second, and third sets of addresses, and the DOM analysis script is inserted into the third set of web pages; and
- determining presence of the set of vulnerabilities for the third set of web pages based on a set of results from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.
14. A system for testing a vulnerability of a web site, comprising:
- a processor; and
- a non-transitory computer readable medium having instructions embedded therein, the instructions executable by a processor and configured to:
  - receive a first set of addresses, identify a second set of addresses by analyzing the first set of web pages located at the first set of addresses, and identify a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and a second set of web pages located at the second set of addresses;
  - probe a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, and determine presence of the set of vulnerabilities for the third set of web pages based on a result from the probing, wherein the third set of web pages is located at the first, second, and third sets of addresses, wherein the DOM analysis script is inserted into the third set of web pages, and wherein the attack vectors are designed to exploit a vulnerability of a web page.
26. A system for testing a vulnerability of a web site, comprising:
- a processor; and
- a non-transitory computer readable medium having instructions embedded therein, the instructions executable by a processor and configured to:
  - traverse a first set of URLs to a first set of web pages, and identify a second set of universal resource locators (URLs) from the first set of web pages;
  - traverse the first and second sets of URLs to a second set of web pages in a web browser context such that a first set of document object models (DOMs) is generated in association with the second set of web pages, and identify a third set of universal record locators (URLs) based on the first set of document object models (DOMs); and
  - traverse the first, second, and third sets of URLs to a third set of web pages in the web browser context such that a second set of document object models (DOMs) is generated in association with the third set of web pages and in context of a document object model (DOM) analysis script inserted into the third set of web pages, probe the third set of web pages for presence of a set of vulnerabilities by using the DOM analysis script to analyze the second set of DOMs as a set of attack vectors is applied to the third set of web pages, and determine presence of the set of vulnerabilities for the third set of web pages based on a result from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.
31. A system for testing a vulnerability of a web site, comprising:
- means for receiving a first set of addresses;
- means for identifying a second set of addresses by analyzing a first set of web pages located at the first set of addresses;
- means for identifying a third set of addresses by analyzing a first set of document object models (DOMs) associated with the first set of web pages and associated with a second set of web pages located at the second set of addresses;
- means for probing a third set of web pages for presence of a set of vulnerabilities using a document object model (DOM) analysis script to analyze a second set of document object models (DOMs) associated with the third set of web pages as a set of attack vectors is applied to the third set of web pages, wherein the third set of web pages is located at the first, second, and third sets of addresses, and the DOM analysis script is inserted into the third set of web pages; and
- means for determining presence of the set of vulnerabilities for the third set of web pages based on a set of results from the probing, wherein the attack vectors are designed to exploit a vulnerability of a web page.
Specification