Detecting vulnerabilities in web applications

  • US 9,032,529 B2
  • Filed: 11/30/2011
  • Issued: 05/12/2015
  • Est. Priority Date: 11/30/2011
  • Status: Active Grant
First Claim
1. A computer program product residing on a non-transitory computer readable storage medium having a plurality of instructions stored thereon, which, when executed by a processor, cause the processor to perform operations comprising:

  • determining, via one or more computing devices, one or more values associated with a web application that flow to response data associated with the web application, wherein the one or more values are modifiable by unreliable input, wherein the one or more values modifiable by the unreliable input that flow to the response data associated with the web application are determined via, at least in part, a server-side taint analysis algorithm;

  • determining whether there is a path reaching a statement that renders data to the response data;

  • marking a value of the one or more values flowing into the response data as untrusted in response to determining that there is a path reaching the statement that renders data to the response data;

  • generating, via the one or more computing devices, an abstract representation of the response data associated with the web application generated via, at least in part, a string analysis algorithm that approximates at least one of a string output of the response data associated with the web application with a context-free grammar and a logical formula; and

  • determining, via the one or more computing devices, one or more potentially vulnerable portions of the response data based upon, at least in part, the one or more values modifiable by the unreliable input that flow to the response data associated with the web application, the abstract representation of the response data associated with the web application, and a taint analysis algorithm operating on the abstract representation of the response data.
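The pipeline the claim describes (server-side taint analysis to find values modifiable by unreliable input that reach a render statement, an abstract representation of the response built by string analysis, and taint analysis over that representation to locate potentially vulnerable portions) in miniature, as an added example that is not the patent's or its assignee's code. The statement IR, the `Fragment` type, the `run`, `analyze` and `html_context` functions and the sample `HANDLER` are all constructed for this illustration; the claim's context-free grammar is approximated here by lists of alternative fragment sequences (concatenation and alternation only, no recursion), and the HTML context scanner is deliberately coarse.

```python
"""Toy server-side taint + string analysis over a tiny handler IR.

Added illustrative example, not code from the patent or its assignee.
The IR, the Fragment representation and the HTML-context scanner are
simplifications constructed for this demonstration.
"""
from dataclasses import dataclass

# Expressions: ("const", text) | ("input", name) | ("var", name)
#              | ("concat", e1, e2) | ("escape", e)
# Statements:  ("assign", name, expr) | ("render", expr)
#              | ("if", then_stmts, else_stmts)


@dataclass(frozen=True)
class Fragment:
    text: str       # literal output text, or a placeholder for unreliable input
    tainted: bool   # True when the text is modifiable by unreliable input


def eval_expr(expr, env):
    """Abstract string value: a list of alternative fragment sequences
    (a grammar with concatenation and alternation only)."""
    kind = expr[0]
    if kind == "const":
        return [[Fragment(expr[1], False)]]
    if kind == "input":                       # taint source: request data
        return [[Fragment("{%s}" % expr[1], True)]]
    if kind == "var":
        return env[expr[1]]
    if kind == "escape":                      # sanitizer: output is no longer tainted
        return [[Fragment("esc(%s)" % f.text, False) if f.tainted else f
                 for f in seq] for seq in eval_expr(expr[1], env)]
    if kind == "concat":
        left, right = eval_expr(expr[1], env), eval_expr(expr[2], env)
        return [a + b for a in left for b in right]
    raise ValueError("unknown expression kind: %r" % kind)


def run(stmts, env, response):
    """Interpret statements abstractly; return every possible response."""
    for stmt in stmts:
        if stmt[0] == "assign":
            env[stmt[1]] = eval_expr(stmt[2], env)
        elif stmt[0] == "render":             # the statement that renders to the response
            frags = eval_expr(stmt[1], env)
            response = [r + f for r in response for f in frags]
        elif stmt[0] == "if":                 # both paths are explored
            env_a, env_b = dict(env), dict(env)
            resp_a = run(stmt[1], env_a, [list(r) for r in response])
            resp_b = run(stmt[2], env_b, [list(r) for r in response])
            response = resp_a + resp_b
            # merge: a variable defined on both paths may hold either value
            env.clear()
            env.update({k: env_a[k] if env_a[k] == env_b[k] else env_a[k] + env_b[k]
                        for k in env_a if k in env_b})
        else:
            raise ValueError("unknown statement: %r" % (stmt,))
    return response


def html_context(prefix):
    """Coarse lexical context at the end of `prefix`: text, tag, attr or script."""
    state, quote, script_tag = "text", "", False
    low = prefix.lower()
    for i, ch in enumerate(prefix):
        if state == "text" and ch == "<":
            state, script_tag = "tag", low.startswith("<script", i)
        elif state == "tag":
            if ch in "\"'":
                state, quote = "attr", ch
            elif ch == ">":
                state = "script" if script_tag else "text"
        elif state == "attr" and ch == quote:
            state = "tag"
        elif state == "script" and low.startswith("</script", i):
            state, script_tag = "tag", False
    return state


def analyze(handler):
    """Return (untrusted placeholders that reach the response, potentially
    vulnerable portions as (alternative, placeholder, context) tuples)."""
    response = run(handler, {}, [[]])
    untrusted = {f.text for seq in response for f in seq if f.tainted}
    findings = []
    for alt, seq in enumerate(response):
        prefix = ""
        for frag in seq:
            if frag.tainted:                  # unescaped input landing in the output
                findings.append((alt, frag.text, html_context(prefix)))
            prefix += frag.text
    return untrusted, findings


# Constructed sample handler: one escaped use of `name`, then two branches
# that each render unreliable input without escaping.
HANDLER = [
    ("assign", "name", ("input", "name")),
    ("assign", "page", ("concat", ("const", "<html><body><h1>Hello "),
                                  ("escape", ("var", "name")))),
    ("render", ("var", "page")),
    ("if",
     [("render", ("concat", ("const", '</h1><a href="/u/'),
                            ("concat", ("var", "name"), ("const", '">profile</a>'))))],
     [("render", ("concat", ("const", '</h1><script>var q="'),
                            ("concat", ("input", "q"), ("const", '";</script>'))))]),
    ("render", ("const", "</body></html>")),
]

if __name__ == "__main__":
    untrusted, findings = analyze(HANDLER)
    print("untrusted values reaching the response:", sorted(untrusted))
    for alt, value, ctx in findings:
        print("alternative %d: %s rendered unescaped in %s context" % (alt, value, ctx))
```

Running the block reports `{name}` landing unescaped in an attribute value on one path and `{q}` landing inside a script block on the other, while the escaped `{name}` in the heading produces no finding. The two stages are kept separate on purpose: `run` is the taint-and-string analysis that produces the abstract response, and `analyze` is the second taint pass that walks that representation and classifies each tainted fragment by the lexical context the preceding constant text puts it in.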

  • 2 Assignments