-
Publication number: US20240236140A1
Publication date: 2024-07-11
Application number: US18609977
Application date: 2024-03-19
Applicant: SAP SE
Inventor: Lucas Compagna, Alessandro Pezze
CPC classification number: H04L63/1433, G06F11/3684, G06F11/3688, G06F11/3692
Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.
-
Publication number: US11973787B2
Publication date: 2024-04-30
Application number: US16351955
Application date: 2019-03-13
Applicant: SAP SE
Inventor: Luca Compagna, Alessandro Pezze
CPC classification number: H04L63/1433, G06F11/3684, G06F11/3688, G06F11/3692
Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.
-
Publication number: US20200296126A1
Publication date: 2020-09-17
Application number: US16351955
Application date: 2019-03-13
Applicant: SAP SE
Inventor: Luca Compagna, Alessandro Pezze
Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.