Patent · US Active

Scanning web applications for security vulnerabilities

US11785039B2 · kind B2 · utility

Cited by: 0
References: 3
Claims: 17
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 9, 2021
Grant date: Oct 10, 2023
Priority date
Expiry date: Nov 9, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Disclosed herein are methods, systems, and processes for the enhanced crawling of unexposed web applications for vulnerability scanning purposes. A response to a request generated to a web application is received and a web application framework detection routine on the response for web application frameworks is executed. A determination is made that a web application framework is part of the response and the response is loaded in a web browser associated with the web application. A custom web application framework hook for the web application framework is injected into a web page of a web browser and a list of Document Object Model (DOM) elements and corresponding event handlers is received. A determination is made, based on the list, to execute DOM events to discover functionality of the web application. The web page is loaded in the web browser, the DOM events are executed, and network activity of the web browser during execution of the DOM events is recorded.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.