Application security testing
First Claim
1. A system, comprising:
a server hosting an application under test (AUT);
an observer to i) monitor instructions executed by the AUT, and ii) communicate with a computing device, at least in part, by adding a custom header to an application response; and
the computing device communicatively coupled to the AUT and the observer through a common communication channel, the computing device comprising a processor and a memory device for storing computer-readable instructions configured to direct the processor to;
send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT;
receive the application response from the AUT in accordance with the AUT's programming;
send a service request to the observer; and
receive a service response from the observer, the service response containing information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Abstract
The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
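The four-message exchange described in the abstract, as an added in-process sketch (not code from the patent or its assignee). The header names `X-Observer-Trace` and `X-Observer-Service`, the trace format, the probe value and the toy AUT are all assumptions made for illustration.

```python
import itertools

MARKER = "zz'probe"   # constructed, benign probe value containing a quote
_ids = itertools.count(1)

class Observer:
    """Hypothetical observer living in the AUT's process; records sink calls."""
    def __init__(self):
        self.traces = {}      # trace id -> list of recorded events
        self.current = None   # trace id of the request being handled, if any

    def record(self, sink, arg):
        if self.current is not None:
            self.traces[self.current].append({"sink": sink, "arg": arg})

observer = Observer()

def run_query(sql):
    """Stand-in database sink, instrumented by the observer."""
    observer.record("sql.execute", sql)
    return []

def aut_handle(params):
    """The AUT's own logic: builds SQL by string concatenation."""
    run_query("SELECT * FROM users WHERE name = '" + params.get("name", "") + "'")
    return {"status": 200, "headers": {}, "body": "no results"}

def channel(request):
    """Single entry point: application and service requests share one channel."""
    if "X-Observer-Service" in request["headers"]:        # service request
        tid = int(request["headers"]["X-Observer-Service"])
        return {"status": 200, "headers": {}, "body": observer.traces.get(tid, [])}
    tid = next(_ids)                                       # application request
    observer.traces[tid], observer.current = [], tid
    try:
        response = aut_handle(request["params"])
    finally:
        observer.current = None
    response["headers"]["X-Observer-Trace"] = str(tid)     # custom header added by observer
    return response

def scan():
    """Scanner side: probe, read the custom header, then ask the observer what ran."""
    app_resp = channel({"headers": {}, "params": {"name": MARKER}})
    tid = app_resp["headers"]["X-Observer-Trace"]
    svc_resp = channel({"headers": {"X-Observer-Service": tid}, "params": {}})
    # Finding: the raw marker, quote included, reached a SQL sink unescaped.
    return [e for e in svc_resp["body"]
            if e["sink"] == "sql.execute" and MARKER in e["arg"]]
```

The application response body ("no results") gives the scanner nothing to go on; the finding comes only from the observer's service response.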
20 Claims
1. A system, comprising:
a server hosting an application under test (AUT);
an observer to i) monitor instructions executed by the AUT, and ii) communicate with a computing device, at least in part, by adding a custom header to an application response; and
the computing device communicatively coupled to the AUT and the observer through a common communication channel, the computing device comprising a processor and a memory device for storing computer-readable instructions configured to direct the processor to;
send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT;
receive the application response from the AUT in accordance with the AUT's programming;
send a service request to the observer; and
receive a service response from the observer, the service response containing information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Dependent claims: 2, 3, 4, 5
6. A method, comprising:
sending an application request to an application under test (AUT), wherein the application request is configured to expose a potential vulnerability of the AUT;
receiving an application response from the AUT in accordance with the AUT's programming, the application response including a custom header that was added by an observer that monitors instructions executed by the AUT;
sending a service request to the observer; and
receiving a service response from the observer, the service response containing information corresponding to instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT;
wherein the application request, application response, service request, and service response are communicated over a same network channel.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14
15. A non-transitory, computer readable medium, comprising code configured to direct a processor to:
send an application request to an application under test (AUT), wherein the application request is configured to expose a potential vulnerability of the AUT;
receive an application response from the AUT in accordance with the AUT's programming, the application response including a custom header that was added by an observer that monitors instructions executed by the AUT;
send a service request to the observer; and
receive a service response from the observer, the service response containing information corresponding to instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT;
wherein the application request, application response, service request, and service response are communicated over a same network channel.
Dependent claims: 16, 17, 18, 19, 20
Specification