BLACK-BOX TESTING OF WEB APPLICATIONS WITH CLIENT-SIDE CODE EVALUATION
    2.
    Invention application
    Status: granted (in force)

    Publication number: US20130007885A1

    Publication date: 2013-01-03

    Application number: US13170839

    Filing date: 2011-06-28

    IPC classification: G06F21/00

    Abstract: Detecting security vulnerabilities in web applications by interacting with a web application at a computer server during its execution at the computer server, identifying client-side instructions provided by the web application responsive to an interaction with the web application, where the client-side instructions are configured to be implemented by a client computer that receives the client-side instructions from the computer server, evaluating the identified client-side instructions, and identifying a security vulnerability associated with the client-side instructions.


    DETECTION OF DOM-BASED CROSS-SITE SCRIPTING VULNERABILITIES
    4.
    Invention application
    Status: under examination, published

    Publication number: US20130111595A1

    Publication date: 2013-05-02

    Application number: US13447904

    Filing date: 2012-04-16

    IPC classification: G06F21/00

    Abstract: Testing a Web-based application for security vulnerabilities. At least one client request including a payload having a unique identifier can be communicated to the Web-based application. Response HTML and an associated Document Object Model (DOM) object can be received from the Web-based application. Content corresponding to the payload can be identified in the DOM object via the unique identifier. A section of the DOM object including the payload can be identified as un-trusted.


    INJECTION CONTEXT BASED STATIC ANALYSIS OF COMPUTER SOFTWARE APPLICATIONS
    5.
    Invention application
    Status: granted (in force)

    Publication number: US20110321016A1

    Publication date: 2011-12-29

    Application number: US12825293

    Filing date: 2010-06-28

    IPC classification: G06F11/36 G06F9/44

    Abstract: Embodiments of the invention generally relate to injection context based static analysis of computer software applications. Embodiments of the invention may include selecting a sink within a computer software application, tracing a character output stream leading to the sink within the computer software application, determining an injection context of the character output stream at the sink, where the injection context is predefined in association with a state of the character output stream at the sink, identifying any actions that have been predefined in association with the identified injection context, and providing a report of the actions.
