Patent · US Active

Detecting persistent vulnerabilities in web applications

US8949994B2 · kind B2 · utility

25Cited by

13References

6Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Yair Amit · Nes Ziona, IL
Omer Tripp · Herzliya, IL

Key dates

Filing date	Mar 15, 2012
Grant date	Feb 3, 2015
Priority date	—
Expiry date	Mar 15, 2032

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1466
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method, including storing a test payload to a persistent state of an application and performing a static analysis to identify a first code location in the application that retrieves the test payload, to identify a first path from an entry point to the first code location, and to identify a second path from the first code location to a second code location that executes a security sensitive operation using the retrieved data. A dynamic analysis is then performed to retrieve the test payload via the first path, and to convey the test payload to the second code location via the second path.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.