Invention Grant
US08656495B2 Web application assessment based on intelligent generation of attack strings
有权
基于智能生成攻击字符串的Web应用程序评估
- Patent Title: Web application assessment based on intelligent generation of attack strings
- Patent Title (中): 基于智能生成攻击字符串的Web应用程序评估
-
Application No.: US11560969Application Date: 2006-11-17
-
Publication No.: US08656495B2Publication Date: 2014-02-18
- Inventor: Caleb Sima , Raymond Kelly , William M. Hoffman
- Applicant: Caleb Sima , Raymond Kelly , William M. Hoffman
- Applicant Address: US TX Houston
- Assignee: Hewlett-Packard Development Company, L.P.
- Current Assignee: Hewlett-Packard Development Company, L.P.
- Current Assignee Address: US TX Houston
- Main IPC: G06F11/00
- IPC: G06F11/00
Abstract:
A web application is more efficiently analyzed by intelligently generating attack sequences to be used in the assessment. Rather than simply sending a canned list of static strings at a web application, the operation of the web application is analyzed to determine the filtering and acceptance characteristics of the web site. As this information is ascertained, a vocabulary of allowed symbols is created. This vocabulary is used in the building of attack strings and as such, the number of attack strings fired at the web application is greatly reduced, as well as the number of false positives.
Public/Granted literature
- US20080120722A1 WEB APPLICATION ASSESSMENT BASED ON INTELLIGENT GENERATION OF ATTACK STRINGS Public/Granted day:2008-05-22
Information query
