| 发明名称 |
Detection of DOM-based cross-site scripting vulnerabilities |
| 摘要 |
Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted. |
| 申请公布号 |
US8683596(B2) |
申请公布日期 |
2014.03.25 |
| 申请号 |
US201113283989 |
申请日期 |
2011.10.28 |
| 申请人 |
AMIT YAIR;HAVIV YINNON A.;KALMAN DANIEL;TRIPP OMER;WEISMAN OMRI;INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
AMIT YAIR;HAVIV YINNON A.;KALMAN DANIEL;TRIPP OMER;WEISMAN OMRI |
| 分类号 |
G06F21/00 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
