Title of invention |
Black-box testing of web applications with client-side code evaluation |
Abstract |
Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions. |
Publication number |
US9032528(B2) |
Publication date |
2015.05.12 |
Application number |
US201113170839 |
Application date |
2011.06.28 |
Applicant |
International Business Machines Corporation |
Inventors |
Haviv Yinnon A.;Kalman Daniel;Pikus Dmitri;Tripp Omer;Weisman Omri |
Classification numbers |
H04L29/06;G06F21/57 |
Main classification number |
H04L29/06 |
Agency |
Cuenot, Forsythe & Kim, LLC |
Agent |
Cuenot, Forsythe & Kim, LLC |
Main claim |
1. A system for detecting security vulnerabilities in web applications, the system comprising:
at least one hardware processor, wherein the at least one hardware processor includes a black-box tester, and a client-side evaluator, the black-box tester is configured to
interact with a web application at a computer server during its execution at the computer server, and
identify client-side instructions provided by the web application responsive to an interaction with the web application, the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server; and
the client-side evaluator is configured to
evaluate the client-side instructions identified by the black-box tester, and
identify a security vulnerability associated with the client-side instructions. |
Address |
Armonk NY US |