Title: Pattern tracking and capturing human insight in a web application security scanner
Abstract: An apparatus and method of managing vulnerability testing of a web application is provided for running a set of one or more scripted tests against a web application, recording results of the one or more scripted tests, providing an interface for a human evaluator to review the recorded results, and accepting from the human evaluator custom test parameters based on observations of the recorded results, wherein the custom test parameters include at least one context usable by a future tester in deciding whether to run the custom test, and also include at least one instruction for automatically running custom test steps of the custom test.
Publication number: US8789187(B1) Publication date: 2014.07.22
Application number: US200711864787 Filing date: 2007.09.28
Applicant: Whitehat Security, Inc. Inventors: Pennington William; Grossman Jeremiah; Stone Robert; Pazirandeh Siamak
Classification: H04L29/06; G06F11/36; G06F11/263; G06F21/57 Main classification: H04L29/06
Agent firm: Davis Wright Tremaine LLP Agent: Davis Wright Tremaine LLP
Independent claim: 1. A method of managing vulnerability testing of a web application, the method comprising: running a set of one or more scripted tests against a web application using a computer processor; recording results of the one or more scripted tests; providing an interface for a human evaluator to review the recorded results; and accepting from the human evaluator custom test parameters for a custom test record, wherein the custom test record includes indications of the custom test parameters for a custom test associated with the custom test record, and wherein at least some of the custom test parameters are based on observations of the recorded results, the custom test record including at least one context related to the recorded results and usable by a future tester in deciding whether to run the custom test, and also including a pattern in the web application recognized by the human evaluator and based on observations of the recorded results; automatically running a second scripted test against the web application or another web application using a computer processor, the second scripted test including a plurality of requests for service from the web application or the other web application, wherein running the second scripted test includes communicating at least one of the requests for service to the web application or the other web application; and comparing the at least one request for service communicated to the web application or other web application to one or more of the custom test records previously created, wherein comparing comprises at least comparing the pattern included in the custom test parameters to determine whether or not the at least one request communicated to the web application or other web application matches the pattern of one or more of the custom tests.
Address: Santa Clara CA US
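The workflow in the abstract and claim, as an added illustration that is not code from the patent or from WhiteHat: a first scan records results, a human evaluator captures a custom test record (context, a request pattern, and an automatic check), and a second scan compares each request against the stored patterns and runs the custom check where one matches. The record structure, the `SAMPLE_APP` responses and the regex-based matching are assumptions chosen for this example.

```python
import re
from dataclasses import dataclass

@dataclass
class ScanResult:
    """One recorded result of a scripted test: request URL plus response."""
    url: str
    status: int
    body: str

@dataclass
class CustomTestRecord:
    """Custom test captured from the human evaluator (hypothetical layout)."""
    name: str
    context: str        # note a future tester reads when deciding whether to run it
    pattern: str        # regex over the request the evaluator recognized in results
    finding_regex: str  # automatic step: flag the response if this appears in it

# Constructed sample web application (URL -> status, body); not a real site.
SAMPLE_APP = {
    "/home": (200, "<h1>Welcome</h1>"),
    "/report?id=7&debug=1": (500, "Traceback (most recent call last): ..."),
    "/report?id=8&debug=1": (500, "Traceback (most recent call last): ..."),
    "/report?id=9": (200, "<table>...</table>"),
}

def fetch(url):
    return SAMPLE_APP.get(url, (404, "not found"))

def run_scripted_tests(urls):
    """Run the scripted tests and record every request/response pair."""
    return [ScanResult(u, *fetch(u)) for u in urls]

def matching_records(url, records):
    """Compare one request against the stored custom test records by pattern."""
    return [r for r in records if re.search(r.pattern, url)]

def run_second_scan(urls, records):
    """Second scripted scan: each request that matches a custom test record's
    pattern triggers that record's automatic check; findings are returned."""
    findings = []
    for result in run_scripted_tests(urls):
        for rec in matching_records(result.url, records):
            if re.search(rec.finding_regex, result.body):
                findings.append((rec.name, result.url))
    return findings

if __name__ == "__main__":
    first = run_scripted_tests(["/home", "/report?id=7&debug=1"])
    # The evaluator reviews `first`, sees the verbose error on debug=1 requests,
    # and stores a custom test record with context, pattern and check.
    records = [CustomTestRecord("verbose-error-on-debug",
                                "first scan: report pages with debug=1 leak stack traces",
                                r"debug=1(&|$)", r"Traceback")]
    print(run_second_scan(["/home", "/report?id=8&debug=1", "/report?id=9"], records))
```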