Application security testing
First Claim
1. A system, comprising:
- a server hosting an application under test (AUT);
- an observer configured to i) monitor instructions executed by the AUT, ii) generate a trace identifying instructions executed by the AUT as a result of an application request, and iii) send the trace to a requesting computing device in a body of a service response; and
- a computing device communicatively coupled to the AUT and the observer through a common communication channel, the computing device comprising a processor and a memory device for storing computer-readable instructions configured to direct the processor to:
  - send the application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT;
  - receive an application response from the AUT in accordance with the AUT's programming;
  - send a service request to the observer; and
  - receive the service response from the observer, the service response containing information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Abstract
The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
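A minimal in-process model of the arrangement the abstract describes, added here as an illustration and not taken from the patent: a scanner sends an application request and then a service request through one shared entry point, and the observer returns the trace in the service response body. The header names `X-Request-Id` and `X-Service-Request`, the sample AUT, and the function-level granularity of the trace are all assumptions.

```python
import sys, uuid

# Constructed sample AUT: its response is identical on both code paths.
def build_query_concat(name):
    return "SELECT * FROM users WHERE name = '" + name + "'"

def build_query_param(name):
    return ("SELECT * FROM users WHERE name = ?", (name,))

def aut_handle(params):
    if params.get("legacy") == "1":
        build_query_concat(params["name"])
    else:
        build_query_param(params["name"])
    return {"status": 200, "body": "ok"}

class Observer:
    """Records which AUT functions run for each application request."""
    def __init__(self):
        self.traces = {}

    def run_traced(self, request_id, handler, params):
        calls = []
        def tracer(frame, event, arg):
            if event == "call":
                calls.append(frame.f_code.co_name)
        sys.settrace(tracer)
        try:
            response = handler(params)
        finally:
            sys.settrace(None)
        self.traces[request_id] = calls
        return response

    def service(self, request_id):
        # The trace travels in the body of the service response.
        return {"status": 200, "body": {"trace": self.traces.get(request_id, [])}}

def channel(observer, message):
    # One entry point carries both request kinds (hypothetical header names).
    headers = message["headers"]
    if "X-Service-Request" in headers:
        return observer.service(headers["X-Service-Request"])
    return observer.run_traced(headers["X-Request-Id"], aut_handle, message["params"])

def scan(observer, params):
    rid = uuid.uuid4().hex
    app_response = channel(observer, {"headers": {"X-Request-Id": rid}, "params": params})
    svc_response = channel(observer, {"headers": {"X-Service-Request": rid}, "params": {}})
    trace = svc_response["body"]["trace"]
    return app_response, trace, "build_query_concat" in trace
```

The application response alone is the same in both cases; only the trace shows whether the probe value reached the string-concatenating query builder.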
20 Claims
1. A system, comprising:
- a server hosting an application under test (AUT);
- an observer configured to i) monitor instructions executed by the AUT, ii) generate a trace identifying instructions executed by the AUT as a result of an application request, and iii) send the trace to a requesting computing device in a body of a service response; and
- a computing device communicatively coupled to the AUT and the observer through a common communication channel, the computing device comprising a processor and a memory device for storing computer-readable instructions configured to direct the processor to:
  - send the application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT;
  - receive an application response from the AUT in accordance with the AUT's programming;
  - send a service request to the observer; and
  - receive the service response from the observer, the service response containing information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.

Dependent claims: 2, 3, 4, 5, 6
7. A method, comprising:
- sending an application request to an application under test (AUT), wherein the application request is configured to expose a potential vulnerability of the AUT;
- receiving an application response from the AUT in accordance with the AUT's programming;
- sending a service request to an observer that i) monitors instructions executed by the AUT, ii) generates a trace identifying instructions executed by the AUT as a result of the application request, and iii) sends the trace in a body of a service response; and
- receiving the service response from the observer, the service response containing information corresponding to instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT;
- wherein the application request, application response, service request, and service response are communicated over a same network channel.

Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A non-transitory, computer-readable medium, comprising code configured to direct a processor to:
- send an application request to an application under test (AUT), wherein the application request is configured to expose a potential vulnerability of the AUT;
- receive an application response from the AUT in accordance with the AUT's programming;
- send a service request to an observer that i) monitors instructions executed by the AUT, ii) generates a trace identifying instructions executed by the AUT as a result of the application request, and iii) sends the trace in a body of a service response; and
- receive the service response from the observer, the service response containing information corresponding to instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT;
- wherein the application request, application response, service request, and service response are communicated over a same network channel.

Dependent claims: 16, 17, 18, 19, 20
Specification