发明名称 |
Detection of DOM-based cross-site scripting vulnerabilities |
摘要 |
Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted. |
申请公布号 |
US8683596(B2) |
申请公布日期 |
2014.03.25 |
申请号 |
US201113283989 |
申请日期 |
2011.10.28 |
申请人 |
AMIT YAIR;HAVIV YINNON A.;KALMAN DANIEL;TRIPP OMER;WEISMAN OMRI;INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
AMIT YAIR;HAVIV YINNON A.;KALMAN DANIEL;TRIPP OMER;WEISMAN OMRI |
分类号 |
G06F21/00 |
主分类号 |
G06F21/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|