| 发明名称 |
TESTING WEB APPLICATIONS FOR FILE UPLOAD VULNERABILITIES |
| 摘要 |
A system for detecting file upload vulnerabilities in web applications is provided. The system may include a black-box tester configured to upload, via a file upload interface exposed by a web application, a file together with a signature associated with the file. An execution monitor may be configured to receive information provided by instrumentation instructions within the web application during the execution of the web application. The execution monitor may be configured to recognize the signature of the uploaded file as indicating that the uploaded file was uploaded by the black-box tester. The execution monitor may also be configured to use any of the information to make at least one predefined determination assessing the vulnerability of the web application to a file upload exploit. |
| 申请公布号 |
US2012311714(A1) |
申请公布日期 |
2012.12.06 |
| 申请号 |
US201213435361 |
申请日期 |
2012.03.30 |
| 申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
发明人 |
AMIT YAIR;HAY ROEE;SALTZMAN ROI |
| 分类号 |
G06F21/00 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
