Systems and methods of soft patching security vulnerabilities

US 9,660,870 B1
Filed: 06/08/2016
Issued: 05/23/2017
Est. Priority Date: 06/08/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

one or more processors;

a non-transitory computer-readable medium storing instructions which, when executed by the one or more processors, cause the one or more processors to perform;

receiving, from a first researcher computer, a report of a security vulnerability that was identified in a computer program application that the first researcher computer accessed via a first web browser, the report generated by the first researcher computer and comprising a record of actions performed by the first researcher computer Document Object Model (DOM) events, Application Program Interface (API) requests, and network traffic that the computer program application outputted;

automatically generating a detection script comprising a set of requests associated with the security vulnerability from the record of actions, wherein the detection script, upon execution by an intermediary computer that is between a network and a second researcher computer, causes the intermediary computer to detect that the second researcher computer is performing actions that are recorded in the record of actions in the application accessed via the first web browser, and, in response, causing the intermediary computer to drop at least some network traffic that is otherwise forwarded in the network toward the second researcher computer;

sending the detection script to the intermediary computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for soft patching security vulnerabilities is provided. A method comprises: receiving, from a first researcher computer, a report of a security vulnerability that was identified in a computer program application that the first researcher computer accessed via a first web browser, the report comprising a record of actions performed by the first researcher computer and Document Object Model (DOM) events that the application outputted when the record of actions was generated; automatically generating a detection script comprising a set of requests associated with the security vulnerability from the record of actions, wherein the detection script, when executed by an intermediary computer that is between a network and a second researcher computer, causes the intermediary computer to detect that the second researcher computer is performing actions that are recorded in the record of actions in the application accessed via the first web browser, and, in response, causing the intermediary computer to drop at least some network traffic that is forwarded in the network toward the second researcher computer; sending the detection script to the intermediary computer.

Citations

16 Claims

1. A computer system comprising:
- one or more processors;
  
  a non-transitory computer-readable medium storing instructions which, when executed by the one or more processors, cause the one or more processors to perform;
  
  receiving, from a first researcher computer, a report of a security vulnerability that was identified in a computer program application that the first researcher computer accessed via a first web browser, the report generated by the first researcher computer and comprising a record of actions performed by the first researcher computer Document Object Model (DOM) events, Application Program Interface (API) requests, and network traffic that the computer program application outputted;
  
  automatically generating a detection script comprising a set of requests associated with the security vulnerability from the record of actions, wherein the detection script, upon execution by an intermediary computer that is between a network and a second researcher computer, causes the intermediary computer to detect that the second researcher computer is performing actions that are recorded in the record of actions in the application accessed via the first web browser, and, in response, causing the intermediary computer to drop at least some network traffic that is otherwise forwarded in the network toward the second researcher computer;
  
  sending the detection script to the intermediary computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer system of claim 1, wherein the detection script further comprises instructions which when executed cause the intermediary computer to intercept communications between the application and the second researcher computer and to determine that an outcome of the actions recorded in the record of actions has been sent from the application to the second researcher computer, and to block the second researcher computer from receiving the outcome.
  - 3. The computer system of claim 2, wherein the outcome comprises an alert.
  - 4. The computer system of claim 2, wherein the second researcher computer does not detect the security vulnerability.
  - 5. The computer system of claim 1, wherein the instructions which when executed cause generating the detection script comprise instructions which when executed cause:
    - using the one or more processors, isolating application program interface (API) calls from the record of actions;
      
      sequencing the API calls;
      
      identifying a uniform resource locator (URL) associated with the security vulnerability.
  - 6. The computer system of claim 1, wherein the security vulnerability is a cross-site scripting attack;
    - wherein the detection script further comprises instructions which when executed cause the intermediary computer to drop at least some of the network traffic to the second researcher computer by blocking an alert generated by the first web browser in response to receiving a uniform resource locator (URL) associated with the security vulnerability.
  - 7. The computer system of claim 1, wherein the computer program application is coded in JavaScript, Python, Go, or C++.
  - 8. The computer system of claim 1, wherein the detection script further comprises instructions which when executed cause the intermediary computer to identify two or more of the actions recorded in the record of actions.

9. A method comprising:
- receiving, from a first researcher computer, a report of a security vulnerability that was identified in a computer program application that the first researcher computer accessed via a first web browser, the report generated by the first researcher computer and comprising a record of actions performed by the first researcher computer, Document Object Model (DOM) events, Application Program Interface (API) requests, and network traffic that the computer program application outputted;
  
  automatically generating a detection script comprising a set of requests associated with the security vulnerability from the record of actions, wherein the detection script, upon execution by an intermediary computer that is between a network and a second researcher computer, causes the intermediary computer to detect that the second researcher computer is performing actions that are recorded in the record of actions in the application accessed via the first web browser, and, in response, causing the intermediary computer to drop at least some network traffic that is otherwise forwarded in the network toward the second researcher computer;
  
  sending the detection script to the intermediary computer.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the detection script further comprises instructions which when executed cause the intermediary computer to intercept communications between the application and the second researcher computer and to determine that an outcome of the actions recorded in the record of actions has been sent from the application to the second researcher computer, and to block the second researcher computer from receiving the outcome.
  - 11. The method of claim 10, wherein the outcome comprises an alert.
  - 12. The method of claim 10, wherein the second researcher computer does not detect the security vulnerability.
  - 13. The method of claim 9, wherein generating the detection script comprises:
    - isolating application program interface (API) calls from the record of actions;
      
      sequencing the API calls;
      
      identifying a uniform resource locator (URL) associated with the security vulnerability.
  - 14. The method of claim 9, wherein the security vulnerability is a cross-site scripting attack;
    - wherein the detection script further comprises instructions which when executed cause the intermediary computer to drop at least some of the network traffic to the second researcher computer by blocking an alert generated by the first web browser in response to receiving a uniform resource locator (URL) associated with the security vulnerability.
  - 15. The method of claim 9, wherein the computer program application is coded in JavaScript, Python, Go, or C++.
  - 16. The method of claim 9, wherein the detection script further comprises instructions which when executed cause the intermediary computer to identify two or more of the actions recorded in the record of actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synack, Inc.
Original Assignee
Synack, Inc.
Inventors
Wardle, Patrick, Kuhr, Mark G.
Primary Examiner(s)
Christensen, Scott B

Application Number

US15/177,209
Time in Patent Office

349 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/368   for test version control, e...

G06F 21/577   Assessing vulnerabilities a...

G06F 8/65   Updates security arrangemen...

G06F 9/45512   Command shells

H04L 63/1433   Vulnerability analysis

Systems and methods of soft patching security vulnerabilities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of soft patching security vulnerabilities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links