-
Publication No.: US11449638B2
Publication date: 2022-09-20
Application No.: US16084081
Filing date: 2016-03-18
Applicant: ENTIT SOFTWARE LLC
Abstract: Examples herein disclose, via use of a physical processor, detecting a specific application programming interface (API) call to interact with an application running on a production server. Based on the detection of the specific API call, the examples assist, using the physical processor, a scanning session based on the specific API call. Using the physical processor, the examples identify a modification to the application based on the scanning session.
-
Publication No.: US11695793B2
Publication date: 2023-07-04
Application No.: US15799575
Filing date: 2017-10-31
Applicant: EntIT Software LLC
Inventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Nidhi Govindram Kejriwal, Gerald E. Sullivan, II, Alexander Hoole
CPC classification: H04L63/1433, G06F21/53, G06F21/552, H04L9/3239, H04L9/3242, G06F2221/033, G06F2221/2149, H04L2209/26
Abstract: A method includes: identifying, by a runtime instrumentation agent of a web server, a plurality of attack surfaces of a web application executed on the web server; generating, by the runtime instrumentation agent, a plurality of hash values, where each hash value is generated based on one of the plurality of attack surfaces; and transmitting, by the runtime instrumentation agent, the plurality of hash values to an attack server external to the web server, where the attack server is to determine whether to scan each attack surface based on the plurality of hash values.
-
Publication No.: US20180349613A1
Publication date: 2018-12-06
Application No.: US15775324
Filing date: 2015-11-13
Applicant: ENTIT SOFTWARE LLC
CPC classification: G06F21/577
Abstract: Examples relate to automated multi-credential assessment in a system. One example enables auditing an application by sending a first request for an action to be performed in the application, the first request based on a first privilege level, where the first privilege level corresponds with a first level of access to the application, and sending a second request for the action to be performed in the application, where the second request is based on a second privilege level different from the first privilege level. The second privilege level may correspond with a second level of access to the application different from the first level of access. The first request and second request may be performed, and the results of the performed first request and second request may be combined. The combined results may be made available.
-
Publication No.: US11044266B2
Publication date: 2021-06-22
Application No.: US16078777
Filing date: 2016-02-26
Applicant: ENTIT SOFTWARE LLC
Abstract: In some examples, a system includes a scan execution engine and a scan adaptation engine. The scan execution engine may execute a scan of a web application hosted on a web host. During scan execution, the scan adaptation engine may adapt a subsequent scan portion for later execution based on a scan metric received from a monitoring agent that monitors the web application, the web host, or both.
-
Publication No.: US20200293673A1
Publication date: 2020-09-17
Application No.: US16084081
Filing date: 2016-03-18
Applicant: Entit Software LLC
Abstract: Examples herein disclose, via use of a physical processor, detecting a specific application programming interface (API) call to interact with an application running on a production server. Based on the detection of the specific API call, the examples assist, using the physical processor, a scanning session based on the specific API call. Using the physical processor, the examples identify a modification to the application based on the scanning session.
-
Publication No.: US20190132348A1
Publication date: 2019-05-02
Application No.: US15799575
Filing date: 2017-10-31
Applicant: EntIT Software LLC
Inventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Nidhi Govindram Kejriwal, Gerald E. Sullivan, II, Alexander Hoole
Abstract: A method includes: identifying, by a runtime instrumentation agent of a web server, a plurality of attack surfaces of a web application executed on the web server; generating, by the runtime instrumentation agent, a plurality of hash values, where each hash value is generated based on one of the plurality of attack surfaces; and transmitting, by the runtime instrumentation agent, the plurality of hash values to an attack server external to the web server, where the attack server is to determine whether to scan each attack surface based on the plurality of hash values.
-
Publication No.: US20180330099A1
Publication date: 2018-11-15
Application No.: US15775198
Filing date: 2015-11-13
Applicant: ENTIT SOFTWARE LLC
CPC classification: G06F21/577, G06F17/30598, G06F21/12, G06F21/552, G06F2221/033
Abstract: Examples relate to detecting vulnerabilities in a web application. One example enables identifying a set of inputs in a web application input form. The set of inputs may be categorized based on a set of predetermined conditions. The set of inputs may be scored based on the categorization. A subset of the set of inputs may be determined to be a set of parameters of interest for the web application based on the scored set of inputs.
-
Publication No.: US10891381B2
Publication date: 2021-01-12
Application No.: US15775198
Filing date: 2015-11-13
Applicant: ENTIT SOFTWARE LLC
Abstract: Examples relate to detecting vulnerabilities in a web application. One example enables identifying a set of inputs in a web application input form. The set of inputs may be categorized based on a set of predetermined conditions. The set of inputs may be scored based on the categorization. A subset of the set of inputs may be determined to be a set of parameters of interest for the web application based on the scored set of inputs.
-
Publication No.: US20190052666A1
Publication date: 2019-02-14
Application No.: US16078777
Filing date: 2016-02-26
Applicant: ENTIT SOFTWARE LLC
IPC classification: H04L29/06
Abstract: In some examples, a system includes a scan execution engine and a scan adaptation engine. The scan execution engine may execute a scan of a web application hosted on a web host. During scan execution, the scan adaptation engine may adapt a subsequent scan portion for later execution based on a scan metric received from a monitoring agent that monitors the web application, the web host, or both.