Security testing using semantic modeling

US 9,390,270 B2
Filed: 06/03/2014
Issued: 07/12/2016
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method for optimized testing of vulnerabilities in an application, the method comprising:

performing vulnerability testing on a software application, comprising;

generating a first probe configured to determine whether the software application is vulnerable to a first type of attack, the generating comprising selecting the first probe from a list of tests, and embedding test data in a payload that simulates a particular type of attack on the software application, each of the tests from the list of tests simulating a different type of attack;

inputting the first probe to the software application;

analyzing one or more responses to the first probe received from the software application;

in response to determining that the one or more responses from the software application validate a first hypothesis that one or more vulnerabilities is associated with the software application, generating at least a second probe to further verify the first hypothesis, wherein the second probe is configured to discover additional details about the software application'"'"'s vulnerabilities to the first type of attack;

inputting the second probe to the software application;

analyzing one or more responses to the second probe received from the software application;

determining an accuracy of the first hypothesis based on results of the analyzing the one or more responses to the second probe, the first hypothesis is determined to be accurate when an attack on the software application, as defined by the payload, is successful in exposing a vulnerability in the software application; and

performing further testing of the software application as a function of the accuracy of the first hypothesis.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application'"'"'s vulnerabilities to the first type of attack or a second type of attack.

19 Citations

14 Claims

1. A method for optimized testing of vulnerabilities in an application, the method comprising:
- performing vulnerability testing on a software application, comprising;
  
  generating a first probe configured to determine whether the software application is vulnerable to a first type of attack, the generating comprising selecting the first probe from a list of tests, and embedding test data in a payload that simulates a particular type of attack on the software application, each of the tests from the list of tests simulating a different type of attack;
  
  inputting the first probe to the software application;
  
  analyzing one or more responses to the first probe received from the software application;
  
  in response to determining that the one or more responses from the software application validate a first hypothesis that one or more vulnerabilities is associated with the software application, generating at least a second probe to further verify the first hypothesis, wherein the second probe is configured to discover additional details about the software application'"'"'s vulnerabilities to the first type of attack;
  
  inputting the second probe to the software application;
  
  analyzing one or more responses to the second probe received from the software application;
  
  determining an accuracy of the first hypothesis based on results of the analyzing the one or more responses to the second probe, the first hypothesis is determined to be accurate when an attack on the software application, as defined by the payload, is successful in exposing a vulnerability in the software application; and
  
  performing further testing of the software application as a function of the accuracy of the first hypothesis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 14)
- - 2. The method of claim 1, wherein the one or more responses from the software application based on the software application responding to the second probe are analyzed to determine whether the first hypothesis is accurate within a predetermined degree of certainty.
  - 3. The method of claim 2, wherein upon determining that the first hypothesis is accurate within the predetermined degree of certainty, the software application is determined to be vulnerable to at least the first type of attack.
  - 4. The method of claim 1, wherein a test tool is utilized to generate the first probe or the second probe targeting the software application.
  - 5. The method of claim 1, wherein the application is a web application.
  - 6. The method of claim 2, wherein upon determining that the first hypothesis is not accurate within the predetermined degree of certainty, discontinuing any further probes for testing the software application with respect to the first type of attack.
  - 7. The method of claim 2, wherein in response to determining that the one or more responses from the software application do validate the first hypothesis that one or more vulnerabilities is associated with the software application, refraining from generating the second probe.
  - 8. The method of claim 1, wherein the software application responds to the first probe based on a sanitization process.
  - 9. The method of claim 1, wherein a probing space for the software application is represented as a graph with a plurality of nodes and edges connecting at least two nodes, where a node in the graph represents a hypothesis about a defense mechanism implemented by the software application, and an edge connecting two nodes in the graph defines a hierarchical relationship between the first hypothesis and a second hypothesis.
  - 14. The method of claim 1, wherein the software application responds to the first probe based on a validation process.

10. A computer program product comprising a nontransitory computer readable storage medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- perform vulnerability testing on a software application, comprising;
  
  generate a first probe configured to determine whether the software application is vulnerable to a first type of attack, the generating comprising selecting the first probe from a list of tests, and embedding test data in a payload that simulates a particular type of attack on the software application, each of the tests from the list of tests simulating a different type of attack;
  
  input the first probe to the software application;
  
  analyze one or more responses to the first probe received from the software application;
  
  in response to determining that the one or more responses from the software application validate a first hypothesis that one or more vulnerabilities is associated with the software application, generate at least a second probe to further verify the first hypothesis, wherein the second probe is configured to discover additional details about the software application'"'"'s vulnerabilities to the first type of attack;
  
  input the second probe to the software application;
  
  analyze one or more responses to the second probe received from the software application;
  
  determine an accuracy of the first hypothesis based on results of the analyzing the one or more responses to the second probe, the first hypothesis is determined to be accurate when an attack on the software application, as defined by the payload, is successful in exposing a vulnerability in the software application; and
  
  perform further testing of the software application as a function of the accuracy of the first hypothesis.
- View Dependent Claims (11, 12, 13)
- - 11. The computer program product of claim 10, wherein the one or more responses from the software application based on the software application responding to the second probe are analyzed to determine whether the first hypothesis is accurate within a predetermined degree of certainty.
  - 12. The computer program product of claim 11, wherein upon determining that the first hypothesis is accurate within the predetermined degree of certainty, the software application is determined to be vulnerable to at least the first type of attack.
  - 13. The computer program product of claim 10, wherein a test tool is utilized to generate the first probe or the second probe targeting the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GlobalFoundries, Inc.
Original Assignee
GlobalFoundries, Inc.
Inventors
Beskrovny, Evgeny, Landa, Alexander, Tripp, Omer
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US14/294,294
Publication Number

US 20150096036A1
Time in Patent Office

770 Days
Field of Search

713/151, 726/25
US Class Current

1/1
CPC Class Codes

G06F 11/3668   Software testing software t...

G06F 11/3672   Test management

G06F 21/577   Assessing vulnerabilities a...

H04L 41/28   Restricting access to netwo...

H04L 63/1433   Vulnerability analysis

Security testing using semantic modeling

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Security testing using semantic modeling

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links