Detecting persistent vulnerabilities in web applications

US 8,949,992 B2
Filed: 05/31/2011
Issued: 02/03/2015
Est. Priority Date: 05/31/2011
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus, comprising:

a memory;

an application at the memory;

a static analysis application at the memory;

a dynamic analysis application at the memory; and

a processor in communication with the memory and configured to;

execute an instrumentation application configured to monitor a persistent state of the application;

perform, by the dynamic analysis application at the memory, a first dynamic analysis to explore the application at the memory to provide for a conveyance of a test payload to the persistent state of the application, including a file that is accessed by the application, wherein the test payload comprises a malware application configured to perform a persistent cross-site scripting (XSS) attack;

store, at a storage device, the test payload, the test payload transferred to the persistent state of the application, wherein the test payload remains dormant until the test payload is retrieved by the application from the storage device;

process a notification including information that the test payload is transferred to a location at the storage device;

perform, by the static analysis application at the memory in response to receiving the notification that the test payload was transmitted to the persistent state, a static analysis to identify a first code location in the application that interacts with the persistent state of the application at the storage device, to identify a first path from an entry point of the application to the first code location in the application, and to identify a second path from the first code location to a second code location in the application that executes a security sensitive operation using retrieved data, the static analysis performed to identify how the persistent XSS attack related to the test payload can attack the application at the memory; and

perform, by the dynamic analysis application at the memory, a second dynamic analysis to retrieve the test payload from the persistent state via the first path, and to convey the test payload to the second code location via the second path, the second dynamic analysis performed to verify the persistent XSS attack using the first and second paths identified in the static analysis.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.

36 Citations

View as Search Results

12 Claims

1. An apparatus, comprising:
- a memory;
  
  an application at the memory;
  
  a static analysis application at the memory;
  
  a dynamic analysis application at the memory; and
  
  a processor in communication with the memory and configured to;
  
  execute an instrumentation application configured to monitor a persistent state of the application;
  
  perform, by the dynamic analysis application at the memory, a first dynamic analysis to explore the application at the memory to provide for a conveyance of a test payload to the persistent state of the application, including a file that is accessed by the application, wherein the test payload comprises a malware application configured to perform a persistent cross-site scripting (XSS) attack;
  
  store, at a storage device, the test payload, the test payload transferred to the persistent state of the application, wherein the test payload remains dormant until the test payload is retrieved by the application from the storage device;
  
  process a notification including information that the test payload is transferred to a location at the storage device;
  
  perform, by the static analysis application at the memory in response to receiving the notification that the test payload was transmitted to the persistent state, a static analysis to identify a first code location in the application that interacts with the persistent state of the application at the storage device, to identify a first path from an entry point of the application to the first code location in the application, and to identify a second path from the first code location to a second code location in the application that executes a security sensitive operation using retrieved data, the static analysis performed to identify how the persistent XSS attack related to the test payload can attack the application at the memory; and
  
  perform, by the dynamic analysis application at the memory, a second dynamic analysis to retrieve the test payload from the persistent state via the first path, and to convey the test payload to the second code location via the second path, the second dynamic analysis performed to verify the persistent XSS attack using the first and second paths identified in the static analysis.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus according to claim 1, wherein the processor is configured to store the test payload by performing the first dynamic analysis.
  - 3. The apparatus according to claim 2, wherein the processor is configured to, prior to performing the first dynamic analysis, execute the instrumentation application configured to monitor the persistent state of the application.
  - 4. The apparatus according to claim 3, wherein the processor is configured to initiate the static analysis upon the instrumentation application detecting the stored test payload.
  - 5. The apparatus according to claim 1, wherein the entry point comprises a Uniform Resource Locator (URL) of the application.
  - 6. The apparatus according to claim 1, wherein the second dynamic analysis verifies the persistent XSS attack.

7. A computer program product, the computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith that is executable by a processor, the computer readable program code comprising;
  
  computer readable program code configured to execute an instrumentation application configured to monitor a persistent state of an application at a memory;
  
  computer readable program code configured to perform a first dynamic analysis to explore the application at the memory to provide for a conveyance of a test payload to the persistent state of the application, including a file that is accessed by the application, wherein the test payload comprises a malware application configured to perform a persistent cross-site scripting (XSS) attack;
  
  computer readable program code configured to store, at a storage device, the test payload, the test payload transferred to the persistent state of the application, wherein the test payload remains dormant until the test payload is retrieved by the application from the storage device;
  
  computer readable program code configured to process a notification including information that the test payload is transferred to a location at the storage device;
  
  computer readable program code configured to, in response to receiving the notification that the test payload was transmitted to the persistent state, perform a static analysis to identify a first code location in the application that interacts with the persistent state of the application at the storage device, to identify a first path in the application from an entry point to the first code location in the application, and to identify a second path from the first code location to a second code location in the application that executes a security sensitive operation using retrieved data, the static analysis performed to identify how the persistent XSS attack related to the test payload can attack the application at the memory; and
  
  computer readable program code configured to perform a second dynamic analysis to retrieve the test payload from the persistent state via the first path, and to convey the test payload to the second code location via the second path, the second dynamic analysis performed to verify the persistent XSS attack using the first and second paths identified in the static analysis.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product according to claim 7, wherein the computer readable program code is configured to store the test payload by performing the first dynamic analysis.
  - 9. The computer program product according to claim 8, wherein the computer readable program code is configured to, prior to performing the first dynamic analysis, execute the instrumentation application configured to monitor the persistent state of the application.
  - 10. The computer program product according to claim 9, wherein the computer readable program code is configured to initiate the static analysis upon the instrumentation application detecting the stored test payload.
  - 11. The computer program product according to claim 7, wherein the entry point comprises a Uniform Resource Locator (URL) of the application.
  - 12. The computer program product according to claim 7, wherein the second dynamic analysis verifies the persistent XSS attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Amit, Yair, Tripp, Omer
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US13/149,158
Publication Number

US 20120311711A1
Time in Patent Office

1,344 Days
Field of Search

726/22, 726/25, 713/187
US Class Current

726/25
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/563   by source code analysis

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

Detecting persistent vulnerabilities in web applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting persistent vulnerabilities in web applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links