Enhanced crawling of unexposed web applications
US11201892B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 9, 2019 |
| Grant date | Dec 14, 2021 |
| Priority date | — |
| Expiry date | Apr 17, 2040 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are disclosed for enhanced crawling of unexposed web applications for vulnerability scanning purposes. A response to a request to a web application is received and a web application framework detection routine is executed on the response. A determination is made that a web application framework is part of the response and the response is loaded in a web browser associated with the web application. A custom web application framework hook for the web application framework is injected into a web page of a web browser and a list of Document Object Model (DOM) elements and corresponding event handlers is received. A determination is made, based on the list, to execute DOM events to discover functionality of the web application. The DOM events are executed, and network activity of the web browser during execution of the DOM events is recorded.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.