Application security testing

摘要

The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.

主权项

1. A system, comprising:
a server hosting an application under test (AUT); an observer to i) monitor instructions executed by the AUT, and ii) communicate with a computing device, at least in part, by adding a custom header to an application response; and the computing device communicatively coupled to the AUT and the observer through a common communication channel, the computing device comprising a processor and a memory device for storing computer-readable instructions configured to direct the processor to:
send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT;receive the application response from the AUT in accordance with the AUT's programming;send a service request to the observer; andreceive a service response from the observer, the service response containing information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.