Security scan based on dynamic taint
Abstract
Example embodiments disclosed herein relate to generating a scanning strategy based on a dynamic taint module. A dynamic taint module associated with an application is caused to be initiated for a crawling phase of a security test. A report is received from the dynamic taint module. The dynamic taint module is restricted. The scanning strategy is based on the report.
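As an added illustration (not code from the patent or its assignee), the following Python example walks through the flow summarized above: inputs seen during the crawl are marked as taint sources, hooked functions act as sinks, the resulting report is returned, the module is restricted, and a scanning strategy is derived from the report. The names `Tainted`, `TaintModule`, the routes and the sample requests are constructed; modelling restriction as switching the module off, and skipping inputs that reached no sink, are assumptions.

```python
class Tainted(str):  # a string that remembers which request parameters it was built from
    def __new__(cls, value, sources):
        obj = super().__new__(cls, value)
        obj.sources = frozenset(sources)
        return obj
    def __add__(self, other):  # taint survives concatenation (the only propagation modelled here)
        return Tainted(str.__add__(self, other), self.sources | getattr(other, "sources", frozenset()))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self), self.sources)

class TaintModule:
    """Hypothetical server-side module: marks sources, hooks sinks, collects the report."""
    def __init__(self):
        self.enabled, self.route, self.report = False, None, []
    def source(self, params):  # mark each untrusted input as a taint source
        return {k: Tainted(v, {k}) for k, v in params.items()} if self.enabled else dict(params)
    def sink(self, category):  # hook a function call associated with a vulnerability class
        def wrap(fn):
            def hooked(arg):
                if self.enabled:
                    for param in sorted(getattr(arg, "sources", ())):
                        self.report.append((self.route, param, category))
                return fn(arg)
            return hooked
        return wrap

taint = TaintModule()
run_query = taint.sink("sql-injection")(lambda sql: [])              # stand-in database call
write_html = taint.sink("cross-site-scripting")(lambda html: html)   # stand-in response output
ROUTES = {  # constructed application under test
    "/search": lambda p: run_query("SELECT * FROM items WHERE name = '" + p["q"] + "'"),
    "/greet": lambda p: write_html("<p>Hello " + p["name"] + "</p>"),
    "/about": lambda p: write_html("<p>About us</p>"),
}
CRAWL = [("/search", {"q": "shoes", "page": "2"}), ("/greet", {"name": "alice"}), ("/about", {"lang": "en"})]

def crawl(requests):
    """Crawl phase with the module on; afterwards restrict (disable) it and return its report."""
    taint.enabled, taint.report = True, []
    for taint.route, params in requests:  # the module records which route is executing
        ROUTES[taint.route](taint.source(params))
    taint.enabled = False
    return list(taint.report)

def scanning_strategy(report, requests):
    """Attack only reported (route, param, category) triples; skip inputs that reached no sink."""
    focused = sorted(set(report))
    reached = {(r, p) for r, p, _ in focused}
    crawled = {(r, p) for r, params in requests for p in params}
    return {"focused": focused, "skipped": sorted(crawled - reached)}
```

Calling `scanning_strategy(crawl(CRAWL), CRAWL)` yields two focused checks (`q` on `/search`, `name` on `/greet`) and two skipped inputs (`page`, `lang`), so the attack phase spends its requests only where user input was observed reaching a sensitive call.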
16 Claims
1. A computing system comprising:
an application security scanner including at least one hardware processor and a machine-readable storage medium storing instructions that, when executed by the at least one hardware processor, cause the at least one hardware processor to:
cause a dynamic taint module associated with the application security scanner to initiate a crawl phase of a security test for an application under test to execute at a server separate from the scanner, wherein the dynamic taint module is executed at the server, wherein the dynamic taint module is to:
intercept program execution of the application under test during the crawl phase to determine a plurality of security vulnerability candidates, wherein the dynamic taint module is to mark a plurality of untrusted user inputs as taint sources and trace the respective untrusted user inputs to determine whether the respective untrusted user input lead to a function call associated with vulnerability;
wherein the security test includes the crawl phase and an attack;
perform a dynamic taint analysis by the dynamic taint module as part of the crawl phase of the security test;
receive a report including the security vulnerability candidates from the dynamic taint module;
cause restriction of the dynamic taint module; and
generate a scanning strategy based on the security vulnerability candidates from the report received from the dynamic taint module to use in the attack.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory machine-readable storage medium storing instructions that, when executed by at least one hardware processor of an application security scanner, cause the application security scanner to:
cause a dynamic taint module associated with the application security scanner to initiate during a crawl phase of a security test of an application under test, wherein the security test includes the crawl phase and an attack, wherein the dynamic taint module is located on a server that is used to execute the application under test and that is separate from the application security scanner, wherein the dynamic taint module is to perform a dynamic taint analysis as part of the crawl phase of the security test that includes interception of program execution of the application under test during the crawl phase to determine a plurality of security vulnerability candidates by marking a plurality of untrusted inputs as taint sources and tracing the respective untrusted user inputs to determine whether the respective untrusted user inputs lead to a function call associated with vulnerability;
receive a report from the dynamic taint module that includes a vulnerability candidate list that includes the security vulnerability candidates;
cause restriction of the dynamic taint module; and
generate a scanning strategy based on the vulnerability candidate list received from the dynamic taint module to use in the attack.
Dependent claims: 9, 10, 11, 12
13. A method implemented by at least one hardware processor of an application security scanner, the method comprising:
causing, by the at least one hardware processor, a dynamic taint module associated with the application security scanner, the dynamic taint module executing at a server separate from the application security scanner, to initiate during a crawl phase of a security test for an application under test also executing at the server, wherein the security test includes the crawl phase and an attack, wherein the dynamic taint module performs a dynamic taint analysis during the crawl phase of the security test to yield a plurality of security vulnerability candidates by intercepting program execution of the application under test to determine the security vulnerability candidates by marking a plurality of untrusted user inputs of the crawling of the application under test as taint sources and tracing the respective untrusted user input to determine whether the respective untrusted user input leads to a function call associated with vulnerability;
receiving a report from the dynamic taint module that includes the vulnerability candidate list;
causing, by the at least one hardware processor, restriction of the dynamic taint module;
generating, by the at least one hardware processor, a scanning strategy based on the vulnerability candidate list received from the dynamic taint module to use in the attack; and
attacking, by the at least one hardware processor, the application under test based on the scanning strategy.
Dependent claims: 14, 15, 16
Specification