Invention Grant
US08281401B2 System for detecting vulnerabilities in web applications using client-side application interfaces
In force
- Patent Title: System for detecting vulnerabilities in web applications using client-side application interfaces
- Application No.: US11339373
- Application Date: 2006-01-24
- Publication No.: US08281401B2
- Publication Date: 2012-10-02
- Inventor: Bill Pennington, Jeremiah Grossman, Robert Stone, Siamak Pazirandeh
- Applicant: Bill Pennington, Jeremiah Grossman, Robert Stone, Siamak Pazirandeh
- Applicant Address: US CA Santa Clara
- Assignee: Whitehat Security, Inc.
- Current Assignee: Whitehat Security, Inc.
- Current Assignee Address: US CA Santa Clara
- Agency: Kilpatrick Townsend & Stockton, LLP
- Agent: Philip H. Albert
- Main IPC: G06F12/14
- IPC: G06F12/14

Abstract:
An improved method and apparatus for client-side web application analysis is provided. Client-side web application analysis involves determining and testing, using client-side application interfaces and the like, data input points and analyzing client requests and server responses. A security vulnerability analyzer can analyze web page content for client-side application files, such as Flash files and Java applets, extract web addresses and data parameters embedded in the client-side application file, and modify the data parameters according to user-defined test criteria. The modified data parameters are transmitted as part of a request to a respective web server used to service the client-side application files. The security vulnerability analyzer analyzes the response from the server to ascertain if there are any security vulnerabilities associated with the interface between the client-side application file and the web server.
Public/Granted literature
- US20060195588A1 System for detecting vulnerabilities in web applications using client-side application interfaces (Public/Granted day: 2006-08-31)