Patent · US Active

Web application assessment based on intelligent generation of attack strings

US8656495B2 · kind B2 · utility

7Cited by

1References

10Claims

0Family size

Assignee

HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. · US

Inventors

Caleb Sima · Woodstock, US
Raymond Kelly · Santa Cruz, US
William M. Hoffman · Montgomery, US

Key dates

Filing date	Nov 17, 2006
Grant date	Feb 18, 2014
Priority date	—
Expiry date	Dec 20, 2032

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/168
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A web application is more efficiently analyzed by intelligently generating attack sequences to be used in the assessment. Rather than simply sending a canned list of static strings at a web application, the operation of the web application is analyzed to determine the filtering and acceptance characteristics of the web site. As this information is ascertained, a vocabulary of allowed symbols is created. This vocabulary is used in the building of attack strings and as such, the number of attack strings fired at the web application is greatly reduced, as well as the number of false positives.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.