公开(公告)号：US20160314302A1

公开(公告)日：2016-10-27

申请号：US14692203

申请日：2015-04-21

Applicant: SAP SE

Inventor： Antonino Sabetta ,  Luca Compagna ,  Serena Ponta ,  Stanislav Dashevskyi ,  Daniel Dos Santos ,  Fabio Massacci

IPC: G06F21/57 ,  G06F21/53 ,  G06F21/54

CPC classification number: G06F21/577 ,  G06F21/53 ,  G06F21/54 ,  G06F21/566 ,  G06F2221/033

Abstract: An input handler receives an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment. A deployment engine deploys the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container including the at least one application. A scheduler schedules execution of the at least one execution environment within at least one execution engine, including scheduling an injection of the at least one exploit as specified in the exploit test request. A report generator generates an exploit test report characterizing a result of the at least one exploit being injected into the at least one execution environment of the at least one execution engine.

Abstract translation: 输入处理程序接收在至少一个执行环境中针对至少一个应用程序指定要测试的至少一个漏洞利用的漏洞利用测试请求。 所述部署引擎部署所述至少一个执行环境，所述至少一个执行环境包括实例化提供虚拟机映像并且基于所述漏洞利用测试请求来配置的容器，所述实例化容器包括所述至少一个应用。 调度器调度至少一个执行引擎中的至少一个执行环境的执行，包括调度在漏洞利用测试请求中指定的至少一个利用的注入。 报告生成器生成攻击测试报告，其表征被注入至少一个执行引擎的至少一个执行环境中的至少一个利用的结果。

公开(公告)号：US09811668B2

公开(公告)日：2017-11-07

申请号：US14692203

申请日：2015-04-21

Applicant: SAP SE

Inventor： Antonino Sabetta ,  Luca Compagna ,  Serena Ponta ,  Stanislav Dashevskyi ,  Daniel Dos Santos ,  Fabio Massacci

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  G06F21/57 ,  G06F21/54 ,  G06F21/53 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F21/53 ,  G06F21/54 ,  G06F21/566 ,  G06F2221/033

Abstract: An input handler receives an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment. A deployment engine deploys the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container including the at least one application. A scheduler schedules execution of the at least one execution environment within at least one execution engine, including scheduling an injection of the at least one exploit as specified in the exploit test request. A report generator generates an exploit test report characterizing a result of the at least one exploit being injected into the at least one execution environment of the at least one execution engine.