Title of invention METHODS FOR DETERMINING CROSS-SITE SCRIPTING AND RELATED VULNERABILITIES IN APPLICATIONS
Abstract The invention provides computer-implemented methods and computer systems for testing applications such as web-based (HTTP) applications for cross-site scripting (XSS) and related security vulnerabilities and permits the discovery of previously unknown XSS and related vulnerabilities in applications without relying on known or previously generated static XSS signatures. The invention may be applied to any type of XSS or related vulnerability for any variation of application code.
Publication number US2015264082(A1) Publication date 2015.09.17
Application number US201514658393 Filing date 2015.03.16
Applicant Belva Kenneth F. Inventor Belva Kenneth F.
Classification H04L29/06;G06F21/57;H04L29/08 Main classification H04L29/06
Agency Agent
Main claim 1. A computer-implemented method for testing an application for cross-site scripting vulnerabilities, comprising the steps of: under control of at least one processor, (a) for at least one field, parameter or URL of the application, submitting a request in which the field, parameter or URL contains a test slug consisting of an encoded or non-encoded test character or a string of test characters between two default slugs; (b) determining if the application returns the test slug with the test character or string of test characters and whether any of the test characters in the test slug are transformed or not transformed in the returned test slug; (c) storing in tangible computer memory the result of the determinations made in step (b); and (d) repeating steps (a)-(c) for a plurality of different test characters or strings of test characters.
Address New York NY US
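Steps (a)-(d) of the main claim can be illustrated as a self-test run against your own application's output encoding. This is an added example, not code from the patent or its applicant; the test character set, the slug format, and the `sample_app` handler (a constructed stand-in that escapes `<`, `>` and `&` but not quotes) are assumptions.

```python
import html
import secrets

# Assumed set of characters that matter in HTML/JavaScript output contexts.
TEST_CHARS = ['<', '>', '"', "'", '&', '/', '(', ')']

def sample_app(q):
    """Constructed stand-in for an HTTP handler; leaves quotes unescaped."""
    return "<p>Results for " + html.escape(q, quote=False) + "</p>"

def classify(body, test, left, right):
    """Step (b): locate the text between the default slugs and compare it."""
    start = body.find(left)
    if start == -1:
        return ("not returned", None)
    start += len(left)
    end = body.find(right, start)
    if end == -1:
        return ("not returned", None)
    returned = body[start:end]
    if returned == test:
        return ("untransformed", returned)
    return ("transformed", returned)

def run_tests(send, chars=TEST_CHARS):
    """Steps (a), (c), (d): submit one test slug per character, keep results."""
    results = {}
    for ch in chars:
        # Default slugs: random alphanumeric markers no encoder should alter.
        left = "zqa" + secrets.token_hex(4)
        right = "zqb" + secrets.token_hex(4)
        body = send(left + ch + right)              # step (a)
        results[ch] = classify(body, ch, left, right)  # steps (b), (c)
    return results

def needs_review(results):
    """Characters the application echoed back without any transformation."""
    return [ch for ch, (state, _) in results.items() if state == "untransformed"]

if __name__ == "__main__":
    res = run_tests(sample_app)
    for ch, (state, seen) in res.items():
        print(f"{ch!r:6} {state:14} {seen!r}")
    print("review output encoding for:", needs_review(res))
```

Characters reported as untransformed show where the output encoder for that context needs to be extended.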