Title of invention: Security scan based on dynamic taint
Abstract: Example embodiments disclosed herein relate to generating a scanning strategy based on a dynamic taint module. A dynamic taint module associated with an application is caused to be initiated for a crawling phase of a security test. A report is received from the dynamic taint module. The dynamic taint module is restricted. The scanning strategy is based on the report.
Publication number: US9558355(B2)    Publication date: 2017.01.31
Application number: US201214424401    Filing date: 2012.08.29
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP    Inventors: Madou Matias;Sum Sam Ng Ming
Classification: G06F21/00;G06F21/57;H04L29/06;G06F17/30    Main classification: G06F21/00
Agency: Hewlett Packard Enterprise Patent Department    Agent: Hewlett Packard Enterprise Patent Department
Independent claim: 1. A computing system comprising: an application security scanner including at least one hardware processor and a machine-readable storage medium storing instructions that, when executed by the at least one hardware processor, cause the at least one hardware processor to: cause a dynamic taint module associated with the application security scanner to initiate a crawl phase of a security test for an application under test to execute at a server separate from the scanner, wherein the dynamic taint module is executed at the server, wherein the dynamic taint module is to: intercept program execution of the application under test during the crawl phase to determine a plurality of security vulnerability candidates, wherein the dynamic taint module is to mark a plurality of untrusted user inputs as taint sources and trace the respective untrusted user inputs to determine whether the respective untrusted user input leads to a function call associated with vulnerability; wherein the security test includes the crawl phase and an attack; perform a dynamic taint analysis by the dynamic taint module as part of the crawl phase of the security test; receive a report including the security vulnerability candidates from the dynamic taint module; cause restriction of the dynamic taint module; and generate a scanning strategy based on the security vulnerability candidates from the report received from the dynamic taint module to use in the attack.
Address: Houston TX US