-
Publication No.: US20130174260A1
Publication date: 2013-07-04
Application No.: US13341426
Filing date: 2011-12-30
Applicant: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
Inventor: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
CPC classification: G06F21/577, G06F2221/033
Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.
-
Publication No.: US09264443B2
Publication date: 2016-02-16
Application No.: US12197461
Filing date: 2008-08-25
Applicant: Omri Weisman
Inventor: Omri Weisman
CPC classification: H04L63/1433, G06F21/577
Abstract: A novel and useful mechanism and method for assessing the vulnerability of web applications while browsing the application. As a user interacts with the web application, HTTP requests are sent from the browser to the web server. Each HTTP request is analyzed to determine if its associated elements need testing. Vulnerability assessment tests are sent to the server. Test results are then returned to the browser, where they are analyzed, displayed and/or stored in a log file.
-
Publication No.: US09971897B2
Publication date: 2018-05-15
Application No.: US13431808
Filing date: 2012-03-27
Applicant: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
Inventor: Yair Amit, Lotem Guy, Daniel Kalman, Ori Segal, Omri Weisman
CPC classification: G06F21/577, G06F2221/033
Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.
-
-