-
公开(公告)号:US20080263671A1
公开(公告)日:2008-10-23
申请号:US12043673
申请日:2008-03-06
申请人: Alberto Gustavo Solino Testa , Gerardo Gabriel Richarte , Fernando Federico Russ , Diego Martin Kelyacoubian , Ariel Futoransky , Diego Bartolome Tiscornia , Ariel Waissbein , Hector Adrian Manrique , Javier Ricardo De Acha Campos , Eduardo Arias , Sebastian Pablo Cufre , Axel Elian Brzostowski
发明人: Alberto Gustavo Solino Testa , Gerardo Gabriel Richarte , Fernando Federico Russ , Diego Martin Kelyacoubian , Ariel Futoransky , Diego Bartolome Tiscornia , Ariel Waissbein , Hector Adrian Manrique , Javier Ricardo De Acha Campos , Eduardo Arias , Sebastian Pablo Cufre , Axel Elian Brzostowski
IPC分类号: G06F12/14
CPC分类号: G06F21/577
摘要: A system and method provide application penetration testing. The system contains logic configured to find at least one vulnerability in the application so as to gain access to data associated with the application, logic configured to confirm the vulnerability and determine if the application can be compromised, and logic configured to compromise and analyze the application by extracting or manipulating data from a database associated with the application. In addition, the method provides for penetration testing of a target by: receiving at least one confirmed vulnerability of the target; receiving a method for compromising the confirmed vulnerability of the target; installing a network agent on the target in accordance with the method, wherein the network agent allows a penetration tester to execute arbitrary operating system commands on the target; and executing the arbitrary operating system commands on the target to analyze risk to which the target may be exposed.
摘要翻译: 系统和方法提供应用程序渗透测试。 该系统包含配置为在应用程序中找到至少一个漏洞的逻辑,以便访问与应用程序相关联的数据,配置为确认漏洞并确定应用程序是否可能受到损害的逻辑,以及配置为妥协和分析应用程序的逻辑 通过从与应用程序相关联的数据库中提取或操纵数据。 此外,该方法通过以下方式提供对目标的渗透测试:接收目标的至少一个确认的脆弱性; 接受破坏目标确认脆弱性的方法; 根据该方法在目标上安装网络代理,其中网络代理允许穿透测试器在目标上执行任意操作系统命令; 并执行目标上的任意操作系统命令来分析目标可能被暴露的风险。
-
公开(公告)号:US08484738B2
公开(公告)日:2013-07-09
申请号:US12043673
申请日:2008-03-06
申请人: Alberto Gustavo Soliño Testa , Gerardo Gabriel Richarte , Fernando Federico Russ , Diego Martin Kelyacoubian , Ariel Futoransky , Diego Bartolome Tiscornia , Ariel Waissbein , Hector Adrian Manrique , Javier Ricardo De Acha Campos , Eduardo Arias , Sebastian Pablo Cufre , Axel Elián Brzostowski
发明人: Alberto Gustavo Soliño Testa , Gerardo Gabriel Richarte , Fernando Federico Russ , Diego Martin Kelyacoubian , Ariel Futoransky , Diego Bartolome Tiscornia , Ariel Waissbein , Hector Adrian Manrique , Javier Ricardo De Acha Campos , Eduardo Arias , Sebastian Pablo Cufre , Axel Elián Brzostowski
CPC分类号: G06F21/577
摘要: A system and method provide application penetration testing. The system contains logic configured to find at least one vulnerability in the application so as to gain access to data associated with the application, logic configured to confirm the vulnerability and determine if the application can be compromised, and logic configured to compromise and analyze the application by extracting or manipulating data from a database associated with the application. In addition, the method provides for penetration testing of a target by: receiving at least one confirmed vulnerability of the target; receiving a method for compromising the confirmed vulnerability of the target; installing a network agent on the target in accordance with the method, wherein the network agent allows a penetration tester to execute arbitrary operating system commands on the target; and executing the arbitrary operating system commands on the target to analyze risk to which the target may be exposed.
摘要翻译: 系统和方法提供应用程序渗透测试。 该系统包含配置为在应用程序中找到至少一个漏洞的逻辑,以便访问与应用程序相关联的数据,配置为确认漏洞并确定应用程序是否可能受到损害的逻辑,以及配置为妥协和分析应用程序的逻辑 通过从与应用程序相关联的数据库中提取或操纵数据。 此外,该方法通过以下方式提供对目标的渗透测试:接收目标的至少一个确认的脆弱性; 接受破坏目标确认脆弱性的方法; 根据该方法在目标上安装网络代理,其中网络代理允许穿透测试器在目标上执行任意操作系统命令; 并执行目标上的任意操作系统命令来分析目标可能被暴露的风险。
-
搜索结果
2 条记录 (耗时 0.044 秒)
