Patent · US Active

Scanning unexposed web applications for vulnerabilities

US11228611B1 · kind B1 · utility

1Cited by

1References

20Claims

0Family size

Assignee

Rapid7, Inc. · US

Inventors

Jijo John · London, CA
Dmitriy Kashitsyn · Yorba Linda, US
Andrew Tisdale · Tecate Mission Road, US

Key dates

Filing date	Aug 20, 2019
Grant date	Jan 18, 2022
Priority date	—
Expiry date	Jan 28, 2040

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/20
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Disclosed herein are methods, systems, and processes for scanning unexposed web applications for security vulnerabilities. A web application executing on a client computing device is accessed and a determination is made that elements in a document object model (DOM) associated with the web application are completely loaded. A brute force operation is performed to identify unexposed actionable events associated with the elements in the DOM. The unexposed actionable events identified as part of performing the brute force operation are received from the client computing device, and the web application is scanned for security vulnerabilities based on the unexposed actionable events.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.