Patent application
US20090100518A1 SYSTEM AND METHOD FOR DETECTING SECURITY DEFECTS IN APPLICATIONS
Status: under examination, published
- Patent title: SYSTEM AND METHOD FOR DETECTING SECURITY DEFECTS IN APPLICATIONS
- Application number: US12234303; Filing date: 2008-09-19
- Publication number: US20090100518A1; Publication date: 2009-04-16
- Inventor: Kevin Overcash
- Applicant: Kevin Overcash
- Main classification: G06F11/30
- IPC classification: G06F11/30 ; G08B25/00
Abstract:
A system and method for detecting vulnerabilities in a deployed web application includes developing a profile of acceptable behavior for inbound communication and outbound communication of a web application. The method also includes receiving a current inbound communication and a current outbound communication from the web application. The current inbound communication includes an inbound user request and the current outbound communication is in response to the current inbound communication. The current inbound communication and the current outbound communication are validated with the profile of acceptable behavior to identify an anomaly. The identified anomaly includes an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.