Principal claim
1. A security auditing computer system operative to analyze and identify security exposures reflected in Web pages provided from a target Web site, said security auditing computer system comprising:
a) an analysis computer subsystem coupleable to a network for communicating with a Web server system hosting a target Web site, said analysis computer subsystem including a data store, said analysis computer subsystem being operative to
i) selectively retrieve a first Web page from said target Web site;
ii) construct a document object model representation of said first Web page, wherein said document object model includes a plurality of nodes related in a tree-shaped data structure;
iii) compute, for a selected set of said plurality of nodes, structural reference identifiers having a defined uniqueness relative to the corresponding ones of said selected set;
iv) compare said structural reference identifiers with a collection of prior computed structural reference identifiers stored in said data store, wherein a comparison match between a first structural reference identifier computed with respect to a first portion of said first Web page and a second structural reference identifier prior computed with respect to a second portion of a second Web page is determined by the scope of said defined uniqueness;
v) record, in said data store, a correspondence of audit identified security exposures between said first portion of said first Web page and said second portion of said second Web page; and
vi) skip further audit analysis of said first portion of said first Web page; and
b) a reporting computer subsystem, coupled to said data store, and operative to provide reports of security exposures identified with respect to said target Web site including with respect to said first portion of said first Web page.
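Steps i) to vi) can be illustrated with a short sketch; this is an added example, not code from the patent or its assignee. It assumes the identifier is a SHA-256 hash over each subtree's tag names and attribute names (text and attribute values ignored), that the selected set is `form` elements, that the data store is a dict, and that `audit_fn` is a hypothetical callback standing in for the audit analysis.

```python
import hashlib
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}

class Node:
    def __init__(self, tag, attrs):
        self.tag, self.attrs, self.children = tag, sorted(a for a, _ in attrs), []

class TreeBuilder(HTMLParser):  # minimal DOM: element tags and attribute names only
    def __init__(self):
        super().__init__()
        self.stack = [Node("#document", [])]  # stack[0] is always the root
    def handle_starttag(self, tag, attrs):
        node = Node(tag, attrs)
        self.stack[-1].children.append(node)
        if tag not in VOID:
            self.stack.append(node)
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # tolerate unclosed tags
            if self.stack[i].tag == tag:
                del self.stack[i:]
                break

def structural_id(node, out):
    """Hash of subtree shape (assumed scope: text and attribute values ignored)."""
    kids = "".join(structural_id(c, out) for c in node.children)
    sid = hashlib.sha256(f"{node.tag}[{','.join(node.attrs)}]({kids})".encode()).hexdigest()
    out.append((node, sid))
    return sid

def audit_page(url, html, store, audit_fn, selected=("form",)):
    """Audit unseen structures only; returns (audited_ids, skipped_ids)."""
    builder, ids, audited, skipped = TreeBuilder(), [], [], []
    builder.feed(html)
    structural_id(builder.stack[0], ids)
    for node, sid in ids:
        if node.tag in selected and sid in store:  # match: record correspondence, skip
            store[sid]["also_on"].append(url)
            skipped.append(sid)
        elif node.tag in selected:
            store[sid] = {"first_on": url, "also_on": [], "findings": audit_fn(node)}
            audited.append(sid)
    return audited, skipped

# Constructed sample pages: same login form structure, different text and values.
PAGE_A = '<h1>Login</h1><form action="/login"><input name="user"><input type="password"></form>'
PAGE_B = '<p>Welcome back</p><form action="/relogin"><input name="u"><input type="password"></form>'
```

What goes into the hash sets the "scope of uniqueness": adding attribute values or text to the hashed string would make matches stricter and cause more portions to be re-audited.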