Patent · US Active

Application security testing based on live traffic

US12294603B2 · kind B2 · utility

0Cited by

2References

20Claims

0Family size

Assignee

Traceable Inc · US

Inventors

Inon Shkedy · Fort Myers, US
Roshan Piyush · Bengaluru, IN
Sanjay Nagaraj · Dublin, US
Satish Kumar Mittal · Bengaluru, IN
Juan Pablo Tosso Alvarez · Santiago, CL

Key dates

Filing date	Jan 8, 2022
Grant date	May 6, 2025
Priority date	—
Expiry date	Sep 20, 2042

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1425
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Live and legitimate user traffic is used with in depth knowledge of the business logic for an API specification to perform security testing on a set of APIs. The present system intercepts and analyzes application program interface (API) traffic, identifies user session data, and identifies traffic suitable to duplicate. The identified traffic is duplicated and modified by addition of malicious code. The modified code is then sent to its intended API destination, where it is processed as normal. The resulting response and other traffic as well as the API system and optionally other systems, such as datastore systems, are analyzed to determine if the malicious code resulted in a valid attack. Results from the modified code attack attempts are reported to a user.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.