Greybox fuzzing for web applications
US11250139B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 27, 2020 |
| Grant date | Feb 15, 2022 |
| Priority date | — |
| Expiry date | Aug 27, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method may include sending, to an entry point of an instrumented web application, a first request including a first value of a parameter. The first value may correspond to a first vulnerability category. The method may further include receiving, from the instrumented web application, first taint analysis results, determining that the first taint analysis results include a sink function corresponding to a second vulnerability category, and sending, to the entry point, a second request including a second value of the parameter. The second value may correspond to the second vulnerability category. The method may further include receiving, from the instrumented web application and in response to sending the second request, second taint analysis results including the sink function, and detecting, in the instrumented web application and using the second taint analysis results, a vulnerability corresponding to the sink function and the second vulnerability category.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.