发明名称 |
DETECTION OF DOM-BASED CROSS-SITE SCRIPTING VULNERABILITIES |
摘要 |
Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.
|
申请公布号 |
US2013111595(A1) |
申请公布日期 |
2013.05.02 |
申请号 |
US201213447904 |
申请日期 |
2012.04.16 |
申请人 |
AMIT YAIR;HAVIV YINNON A.;KALMAN DANIEL;TRIPP OMER;WEISMAN OMRI;INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
AMIT YAIR;HAVIV YINNON A.;KALMAN DANIEL;TRIPP OMER;WEISMAN OMRI |
分类号 |
G06F21/00 |
主分类号 |
G06F21/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|