Patent · US Active

Systems and methods for analysis of cross-site scripting vulnerabilities

US10223533B2 · kind B2 · utility

226Cited by

3References

20Claims

0Family size

Assignee

Veracode, Inc. · US

Inventor

Isaac Dawson · Yokohama, JP

Key dates

Filing date	Oct 21, 2014
Grant date	Mar 5, 2019
Priority date	—
Expiry date	Aug 6, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1433
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A system for detecting XSS vulnerabilities includes determining the context in which a probe supplied as an input to a webpage or an application exists in a script associated with the webpage or application. A payload is generated based on, at least in part, the context such that during execution of the script, an executable code fragment in the payload can escape out of the context in which the probe exists and into a the global context of the script. The payload may include additional characters that prevent the payload from causing errors in the execution of the script.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.