Invention Grant
- Patent Title: Testing web applications for file upload vulnerabilities
- Application No.: US13150735
- Application Date: 2011-06-01
- Publication No.: US08931102B2
- Publication Date: 2015-01-06
- Inventor: Yair Amit, Roee Hay, Roi Saltzman
- Applicant: Yair Amit, Roee Hay, Roi Saltzman
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Holland & Knight LLP
- Agent: Brian J. Colandreo, Esq.; Jeffrey T. Placker, Esq.
- Main IPC: G06F21/00
- IPC: G06F21/00; H04L29/06; G06F21/57; H04L17/00; G06F7/04; G06F11/00; H04L9/32

Abstract:
A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit.
Public/Granted literature
- US20120311712A1 TESTING WEB APPLICATIONS FOR FILE UPLOAD VULNERABILITIES Public/Granted day: 2012-12-06