Identifying webpages accessible by unauthorized users via URL guessing or network sniffing

Assignee

• International Business Machines Corporation · US

Inventors

• Michael Bender · Rye Brook, US
• David E. Nachman · Morristown, US
• Michael P. Shute · Niantic, US
• Keith R. Walker · Austin, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/168
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method includes: generating a first list of uniform resource locators (URLs) available on a page when accessed using privileged credentials; storing one or more first URL outputs associated with the first list of URLs including the content of webpages accessed using the privileged credentials; generating a second list of URLs when accessed using non-privileged credentials; generating a third list of URLs, wherein the third list of URLs includes URLs included in the first list of URLs and not included in the second list of URLs; storing a second URL output including content of a webpage mapped to a particular URL in the third list of URLs when the particular URL is accessed using the non-privileged credentials; determining that the second URL output matches a particular first URL output associated with the particular URL; and outputting an alert identifying that the webpage is accessible by an unauthorized user.