Title of invention |
DETECTING SECURITY VULNERABILITIES IN WEB APPLICATIONS |
Abstract |
Method to detect security vulnerabilities includes: interacting with a web application during its execution to identify a web page exposed by the web application; statically analyzing the web page to identify a parameter within the web page that is constrained by a client-side validation measure and that is to be sent to the web application; determining a server-side validation measure to be applied to the parameter in view of the constraint placed upon the parameter by the client-side validation measure; statically analyzing the web application to identify a location within the web application where the parameter is input into the web application; determining whether the parameter is constrained by the server-side validation measure prior to the parameter being used in a security-sensitive operation; and identifying the parameter as a security vulnerability.
|
Application publication number |
US2013179979(A1) |
Application publication date |
2013.07.11 |
Application number |
US201313785254 |
Filing date |
2013.03.05 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION;INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventor |
PISTOIA MARCO;SEGAL ORI;TRIPP OMER |
Classification number |
G06F21/57 |
Main classification number |
G06F21/57 |
Agency |
|
Agent |
|
Principal claim |
|
Address |
|