Invention Grant
- Patent Title: Detection of second order vulnerabilities in web services
-
Application No.: US16676880Application Date: 2019-11-07
-
Publication No.: US10936727B2Publication Date: 2021-03-02
- Inventor: Yair Amit , Evgeny Beskrovny , Omer Tripp
- Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Applicant Address: US NY Armonk
- Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Current Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Current Assignee Address: US NY Armonk
- Agency: Cuenot, Forsythe & Kim, LLC
- Main IPC: G06F21/57
- IPC: G06F21/57 ; H04L29/06 ; G06F9/30 ; G07B17/00 ; H04W12/00 ; H04L29/08
Abstract:
A method detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.
Public/Granted literature
- US20200074087A1 DETECTION OF SECOND ORDER VULNERABILITIES IN WEB SERVICES Public/Granted day:2020-03-05
Information query
