Invention Grant
- Patent Title: Detecting persistent vulnerabilities in web applications
- Patent Title (Chinese): Detecting persistent vulnerabilities in web applications
- Application No.: US13149158
- Application Date: 2011-05-31
- Publication No.: US08949992B2
- Publication Date: 2015-02-03
- Inventor: Yair Amit, Omer Tripp
- Applicant: Yair Amit, Omer Tripp
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: Schmeiser, Olsen + Watts LLP
- Main IPC: G06F21/00
- IPC: G06F21/00; G06F21/56; H04L29/06; G06F21/51; G06F21/57

Abstract:
A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.
Public/Granted literature
- US20120311711A1 DETECTING PERSISTENT VULNERABILITIES IN WEB APPLICATIONS, Public/Granted day: 2012-12-06