Black-box testing of web applications with client-side code evaluation
Abstract
Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.
15 Claims
1. A system for detecting security vulnerabilities in web applications, the system comprising:

at least one hardware processor, wherein
- the at least one hardware processor includes a black-box tester, and a client-side evaluator,
- the black-box tester is configured to
  - interact with a web application at a computer server during its execution at the computer server, and
  - identify client-side instructions provided by the web application responsive to an interaction with the web application,
- the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server; and
- the client-side evaluator is configured to
  - evaluate the client-side instructions identified by the black-box tester, and
  - identify a security vulnerability associated with the client-side instructions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A computer program product for detecting security vulnerabilities in web applications, the computer program product comprising:

- a computer-readable storage medium; and
- computer-readable program code embodied in the computer-readable storage medium, where the computer-readable program code is configured to
  - interact with a web application at a computer server during its execution at the computer server,
  - identify client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server,
  - evaluate the client-side instructions, and
  - identify a security vulnerability associated with the client-side instructions,
- wherein the computer-readable storage medium is not a transitory, propagating signal per se.

Dependent claims: 12, 13, 14, 15.