Security testing using semantic modeling
First Claim
1. A method for optimized testing of vulnerabilities in an application, the method comprising:
performing vulnerability testing on a software application, comprising:
generating a first probe configured to determine whether the software application is vulnerable to a first type of attack, the generating comprising selecting the first probe from a list of tests, and embedding test data in a payload that simulates a particular type of attack on the software application, each of the tests from the list of tests simulating a different type of attack;
inputting the first probe to the software application;
analyzing one or more responses to the first probe received from the software application;
in response to determining that the one or more responses from the software application validate a first hypothesis that one or more vulnerabilities is associated with the software application, generating at least a second probe to further verify the first hypothesis, wherein the second probe is configured to discover additional details about the software application's vulnerabilities to the first type of attack;
inputting the second probe to the software application;
analyzing one or more responses to the second probe received from the software application;
determining an accuracy of the first hypothesis based on results of the analyzing the one or more responses to the second probe, the first hypothesis is determined to be accurate when an attack on the software application, as defined by the payload, is successful in exposing a vulnerability in the software application; and
performing further testing of the software application as a function of the accuracy of the first hypothesis.
Abstract
Optimized testing of vulnerabilities in an application is implemented by a method that includes generating a first probe directed to determine whether the application is vulnerable to a first type of attack; analyzing one or more responses from the application to the first probe; and, in response to determining that the one or more responses validate a first hypothesis about one or more vulnerabilities associated with the application, generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.
14 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 14.

10. A computer program product comprising a nontransitory computer readable storage medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
perform vulnerability testing on a software application, comprising:
generate a first probe configured to determine whether the software application is vulnerable to a first type of attack, the generating comprising selecting the first probe from a list of tests, and embedding test data in a payload that simulates a particular type of attack on the software application, each of the tests from the list of tests simulating a different type of attack;
input the first probe to the software application;
analyze one or more responses to the first probe received from the software application;
in response to determining that the one or more responses from the software application validate a first hypothesis that one or more vulnerabilities is associated with the software application, generate at least a second probe to further verify the first hypothesis, wherein the second probe is configured to discover additional details about the software application's vulnerabilities to the first type of attack;
input the second probe to the software application;
analyze one or more responses to the second probe received from the software application;
determine an accuracy of the first hypothesis based on results of the analyzing the one or more responses to the second probe, the first hypothesis is determined to be accurate when an attack on the software application, as defined by the payload, is successful in exposing a vulnerability in the software application; and
perform further testing of the software application as a function of the accuracy of the first hypothesis.
Dependent claims: 11, 12, 13.
Specification