Title of invention: Black-box testing of web applications with client-side code evaluation
Abstract: Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.
Publication number: US9032528(B2) Publication date: 2015.05.12
Application number: US201113170839 Application date: 2011.06.28
Applicant: International Business Machines Corporation Inventors: Haviv Yinnon A.;Kalman Daniel;Pikus Dmitri;Tripp Omer;Weisman Omri
Classification: H04L29/06;G06F21/57 Main classification: H04L29/06
Agency: Cuenot, Forsythe & Kim, LLC Agent: Cuenot, Forsythe & Kim, LLC
Main claim: 1. A system for detecting security vulnerabilities in web applications, the system comprising: at least one hardware processor, wherein the at least one hardware processor includes a black-box tester, and a client-side evaluator, the black-box tester is configured to interact with a web application at a computer server during its execution at the computer server, and identify client-side instructions provided by the web application responsive to an interaction with the web application, the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server; and the client-side evaluator is configured to evaluate the client-side instructions identified by the black-box tester, and identify a security vulnerability associated with the client-side instructions.
Address: Armonk NY US