Detecting stored cross-site scripting vulnerabilities in web applications
First Claim
1. A method for detecting security vulnerability in a web application, comprising:
providing, to the web application and during a first interaction with the web application on a computer server, a payload including payload instruction and an identifier distinct from the payload instruction;
detecting, within the payload received during an interaction with the web application subsequent to the first interaction, the identifier; and
determining, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.
Abstract
A system for detecting security vulnerabilities in web applications, the system including a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and to determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.
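As an added illustration that is not part of the patent text, the following Python model shows the claimed arrangement end to end: a black-box tester submits a benign probe instruction tagged with a distinct identifier, a constructed mock application persists it either with or without an escaping check, and an execution engine looks for the identifier in a later response and decides whether the instruction would reach a live script context. All class, method and variable names are assumptions for this example.

```python
import html
import re
import uuid

class MockWebApp:
    """Constructed stand-in for the application under test: a comment field persisted server-side."""
    def __init__(self):
        self.store = []
    def post_comment(self, text, sanitize=True):
        # The "security check" here is HTML escaping; sanitize=False models a missing check.
        self.store.append(html.escape(text) if sanitize else text)
    def render_page(self):
        return "<ul>" + "".join(f"<li>{c}</li>" for c in self.store) + "</ul>"

class BlackBoxTester:
    """Builds payloads whose instruction is a benign probe call and whose identifier is distinct."""
    def __init__(self):
        self.identifiers = {}
    def make_payload(self):
        ident = "xsstest-" + uuid.uuid4().hex[:12]
        instruction = f'<script>window.__probe("{ident}")</script>'
        self.identifiers[ident] = instruction
        return ident, instruction

class ExecutionEngine:
    """Looks for known identifiers in a later response and classifies each occurrence."""
    SCRIPT_RE = re.compile(r"<script[^>]*>.*?</script>", re.S)
    def __init__(self, identifiers):
        self.identifiers = identifiers
    def analyse(self, response_html):
        findings = {}
        for ident in self.identifiers:
            if ident not in response_html:
                continue  # payload not surfaced in this interaction
            # Identifier inside a live <script> element means the instruction bypassed the check.
            live = any(ident in m.group(0) for m in self.SCRIPT_RE.finditer(response_html))
            findings[ident] = "vulnerable" if live else "checked"
        return findings

def run_probe(sanitize):
    """First interaction: submit the payload. Subsequent interaction: fetch the page and analyse it."""
    app, tester = MockWebApp(), BlackBoxTester()
    ident, instruction = tester.make_payload()
    app.post_comment(instruction, sanitize=sanitize)
    return ExecutionEngine(tester.identifiers).analyse(app.render_page())[ident]

if __name__ == "__main__":
    print(run_probe(sanitize=True), run_probe(sanitize=False))
```

The identifier, not the instruction text, is what the engine keys on, so the verdict still holds when the application re-encodes or partially rewrites the stored instruction.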
10 Claims