Invention Grant
- Patent Title: Detection of DOM-based cross-site scripting vulnerabilities
- Patent Title (中): 检测基于DOM的跨站点脚本漏洞
-
Application No.: US13283989Application Date: 2011-10-28
-
Publication No.: US08683596B2Publication Date: 2014-03-25
- Inventor: Yair Amit , Yinnon A. Haviv , Daniel Kalman , Omer Tripp , Omri Weisman
- Applicant: Yair Amit , Yinnon A. Haviv , Daniel Kalman , Omer Tripp , Omri Weisman
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Cuenot, Forsythe & Kim, LLC
- Main IPC: G06F21/00
- IPC: G06F21/00
Abstract:
Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.
Public/Granted literature
- US20130111594A1 DETECTION OF DOM-BASED CROSS-SITE SCRIPTING VULNERABILITIES Public/Granted day:2013-05-02
Information query
