Patch validation via replay and remediation verification

US 9,727,738 B1
Filed: 06/08/2016
Issued: 08/08/2017
Est. Priority Date: 06/08/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a screen recording including digital image screens depicting actions performed by the researcher computer that led to the identification of the potential vulnerability, a first outcome of actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated;

automatically generating, based on the screen recording including the digital image screens, an executable script from the record of actions, wherein the executable script, when executed, causes a second web browser to perform the actions that are recorded in the record of actions;

verifying the report of the potential vulnerability by executing the executable script in the second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions by evaluating an assertion included in the executable script that specifies the outcome of actions, the result of the evaluation of the assertion being that the second outcome of the actions is the same as the first outcome of the actions;

determining that the first outcome of the actions is associated with a security vulnerability;

receiving a message indicating that the security vulnerability was patched;

executing the executable script in the second web browser, causing a third outcome;

determining that the third outcome of actions is different from the first outcome of the actions recorded in the record of actions; and

validating that the security vulnerability was patched.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for patch validation via replay and remediation verification is provided. A method comprises: receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a record of actions performed by the researcher computer, a first outcome of the actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated; automatically generating an executable script from the record of actions, wherein the executable script, when executed, causes the web browser to perform the actions that are recorded in the record of actions; verifying the report of the potential vulnerability by executing the executable script in a second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions; determining that the first outcome of the actions is associated with a security vulnerability.

13 Citations

View as Search Results

14 Claims

1. A method comprising:
- receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a screen recording including digital image screens depicting actions performed by the researcher computer that led to the identification of the potential vulnerability, a first outcome of actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated;
  
  automatically generating, based on the screen recording including the digital image screens, an executable script from the record of actions, wherein the executable script, when executed, causes a second web browser to perform the actions that are recorded in the record of actions;
  
  verifying the report of the potential vulnerability by executing the executable script in the second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions by evaluating an assertion included in the executable script that specifies the outcome of actions, the result of the evaluation of the assertion being that the second outcome of the actions is the same as the first outcome of the actions;
  
  determining that the first outcome of the actions is associated with a security vulnerability;
  
  receiving a message indicating that the security vulnerability was patched;
  
  executing the executable script in the second web browser, causing a third outcome;
  
  determining that the third outcome of actions is different from the first outcome of the actions recorded in the record of actions; and
  
  validating that the security vulnerability was patched.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the third outcome of actions comprises an absence of an alert.
  - 3. The method of claim 1, wherein the record of actions comprises digital data for the actions of key presses and x-y coordinates of mouse clicks.
  - 4. The method of claim 1, wherein each of the actions in the record of actions is associated with a different timestamp value.
  - 5. The method of claim 1, wherein generating the executable script from the record of actions comprises generating a CasperJS test file from a JavaScript Object Notation (JSON) file.
  - 6. The method of claim 1, wherein the assertion comprises a uniform resource locator (URL) associated with the computer program application.
  - 7. The method of claim 1, wherein the assertion comprises a screenshot of a user interface associated with the computer program application.
  - 8. The method of claim 1, wherein the assertion comprises an alert associated with the computer program application.
  - 9. The method of claim 1, wherein the security vulnerability comprises a cross-site scripting attack.
  - 10. The method of claim 1, wherein the first outcome recorded in the record of actions comprises an alert.
  - 11. The method of claim 1, wherein the computer program application that is accessed via the first web browser is a JavaScript application.
  - 12. The method of claim 1, wherein the record further comprises one or more uniform resource locators (URLs) associated with the computer program application.
  - 13. The method of claim 1, wherein verifying the report of the potential vulnerability by executing the executable script in a second web browser comprises performing a fuzzing technique on one or more inputs to the computer program application.

14. A system comprising:
- one or more processors;
  
  computer memory coupled to the one or more processors and storing one or more sequences of instructions which when executed by the one or more processors cause;
  
  receiving, from a researcher computer, a report of a potential vulnerability that the researcher computer identified in a computer program application that the researcher computer accessed via a first web browser, the report comprising a screen recording including digital image screens depicting actions performed by the researcher computer that led to the identification of the potential vulnerability, a first outcome of actions, and Document Object Model (DOM) events that the application outputted when the record of actions was generated;
  
  automatically generating, based on the screen recording including the digital image screens, an executable script from the record of actions, wherein the executable script, when executed, causes a second web browser to perform the actions that are recorded in the record of actions;
  
  verifying the report of the potential vulnerability by executing the executable script in the second web browser and determining that a second outcome of the actions matches the first outcome that was recorded in the record of actions by evaluating an assertion included in the executable script that specifies the outcome of actions, the result of the evaluation of the assertion being that the second outcome of the actions is the same as the first outcome of the actions;
  
  determining that the first outcome of the actions is associated with a security vulnerability;
  
  receiving a message indicating that the security vulnerability was patched;
  
  executing the executable script in the second web browser, causing a third outcome;
  
  determining that the third outcome of actions is different from the first outcome of the actions recorded in the record of actions; and
  
  validating that the security vulnerability was patched.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synack, Inc.
Original Assignee
Synack, Inc.
Inventors
Kuhr, Mark G., Wardle, Patrick
Primary Examiner(s)
Potratz, Daniel

Application Number

US15/177,202
Time in Patent Office

426 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 8/658   Incremental updates; Differ...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/56   Provisioning of proxy servi...

Patch validation via replay and remediation verification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Patch validation via replay and remediation verification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links