DETECTING WEB APPLICATION VULNERABILITIES
    1.
    Invention publication

    Publication (announcement) number: US20240236140A1

    Publication (announcement) date: 2024-07-11

    Application number: US18609977

    Application date: 2024-03-19

    Applicant: SAP SE

    CPC classification number: H04L63/1433 G06F11/3684 G06F11/3688 G06F11/3692

    Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.

    Detecting web application vulnerabilities

    Publication (announcement) number: US11973787B2

    Publication (announcement) date: 2024-04-30

    Application number: US16351955

    Application date: 2019-03-13

    Applicant: SAP SE

    CPC classification number: H04L63/1433 G06F11/3684 G06F11/3688 G06F11/3692

    Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.

    DETECTING WEB APPLICATION VULNERABILITIES
    3.
    Invention application

    Publication (announcement) number: US20200296126A1

    Publication (announcement) date: 2020-09-17

    Application number: US16351955

    Application date: 2019-03-13

    Applicant: SAP SE

    Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.
