Automated login framework for application security testing
US12107848B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | May 19, 2022 |
| Grant date | Oct 1, 2024 |
| Priority date | — |
| Expiry date | Apr 13, 2043 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1433
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An automated login framework for dynamic application security testing is disclosed. A web application executing on a computing device is accessed and an automated login framework (ALF) is injected into an onload event of a web browser associated with the web application. The ALF is then accessed with a credential associated with the web application. A login page associated with application is identified by matching links or buttons with a user-defined regular expression and a user-defined wordlist. Then, a login form in the login page is detected by executing a signature technique, a dictionary technique, and a multistep signature technique. The login form is populated using the credential and submitted for authentication, and a status with a confidence score is received indicating whether the authentication was successful or failed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.