Patch validation via replay and remediation verification
First Claim
1. A method comprising:
- receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a screen recording including digital image screens depicting actions performed by the researcher computer that led to the identification of the potential vulnerability, a first outcome of actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated;
automatically generating, based on the screen recording including the digital image screens, an executable script from the record of actions, wherein the executable script, when executed, causes a second web browser to perform the actions that are recorded in the record of actions;
verifying the report of the potential vulnerability by executing the executable script in the second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions by evaluating an assertion included in the executable script that specifies the outcome of actions, the result of the evaluation of the assertion being that the second outcome of the actions is the same as the first outcome of the actions;
determining that the first outcome of the actions is associated with a security vulnerability;
receiving a message indicating that the security vulnerability was patched;
executing the executable script in the second web browser, causing a third outcome;
determining that the third outcome of actions is different from the first outcome of the actions recorded in the record of actions; and
validating that the security vulnerability was patched.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for patch validation via replay and remediation verification is provided. A method comprises: receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a record of actions performed by the researcher computer, a first outcome of the actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated; automatically generating an executable script from the record of actions, wherein the executable script, when executed, causes the web browser to perform the actions that are recorded in the record of actions; verifying the report of the potential vulnerability by executing the executable script in a second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions; determining that the first outcome of the actions is associated with a security vulnerability.
13 Citations
14 Claims
-
1. A method comprising:
-
receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a screen recording including digital image screens depicting actions performed by the researcher computer that led to the identification of the potential vulnerability, a first outcome of actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated; automatically generating, based on the screen recording including the digital image screens, an executable script from the record of actions, wherein the executable script, when executed, causes a second web browser to perform the actions that are recorded in the record of actions; verifying the report of the potential vulnerability by executing the executable script in the second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions by evaluating an assertion included in the executable script that specifies the outcome of actions, the result of the evaluation of the assertion being that the second outcome of the actions is the same as the first outcome of the actions; determining that the first outcome of the actions is associated with a security vulnerability; receiving a message indicating that the security vulnerability was patched; executing the executable script in the second web browser, causing a third outcome; determining that the third outcome of actions is different from the first outcome of the actions recorded in the record of actions; and validating that the security vulnerability was patched. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system comprising:
-
one or more processors; computer memory coupled to the one or more processors and storing one or more sequences of instructions which when executed by the one or more processors cause; receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a screen recording including digital image screens depicting actions performed by the researcher computer that led to the identification of the potential vulnerability, a first outcome of actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated; automatically generating, based on the screen recording including the digital image screens, an executable script from the record of actions, wherein the executable script, when executed, causes a second web browser to perform the actions that are recorded in the record of actions; verifying the report of the potential vulnerability by executing the executable script in the second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions by evaluating an assertion included in the executable script that specifies the outcome of actions, the result of the evaluation of the assertion being that the second outcome of the actions is the same as the first outcome of the actions; determining that the first outcome of the actions is associated with a security vulnerability; receiving a message indicating that the security vulnerability was patched; executing the executable script in the second web browser, causing a third outcome; determining that the third outcome of actions is different from the first outcome of the actions recorded in the record of actions; and validating that the security vulnerability was patched.
-
Specification