Patent · US Active

Detecting security vulnerabilities in web applications

US8984642B2 · kind B2 · utility

Cited by: 10
References: 2
Claims: 2
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 5, 2013
Grant date: Mar 17, 2015
Priority date
Expiry date: Mar 5, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Method to detect security vulnerabilities includes: interacting with a web application during its execution to identify a web page exposed by the web application; statically analyzing the web page to identify a parameter within the web page that is constrained by a client-side validation measure and that is to be sent to the web application; determining a server-side validation measure to be applied to the parameter in view of the constraint placed upon the parameter by the client-side validation measure; statically analyzing the web application to identify a location within the web application where the parameter is input into the web application; determining whether the parameter is constrained by the server-side validation measure prior to the parameter being used in a security-sensitive operation; and identifying the parameter as a security vulnerability.
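
The check the abstract describes, as an added example that is not taken from the patent: it reads client-side constraints from HTML input attributes, then walks a Python handler's AST to flag constrained parameters that reach a security-sensitive call with no earlier validation call. The sample page, the handler, and the names `validate` and `execute` are assumptions made for illustration (Python 3.9+ AST shape).

```python
import ast
from html.parser import HTMLParser
# Constructed sample inputs (not from the patent): a page and its server-side handler.
PAGE = """<form action="/transfer" method="post">
  <input name="amount" type="number" max="1000" required>
  <input name="memo" maxlength="40">
  <input name="ref">
</form>"""
HANDLER = '''
def transfer(request, db):
    amount = request.form["amount"]
    memo = request.form["memo"]
    validate(memo)
    db.execute("INSERT INTO tx VALUES (%s, '%s')" % (amount, memo))
'''
CONSTRAINT_ATTRS = ("maxlength", "max", "min", "pattern", "required")

class ConstrainedInputs(HTMLParser):
    """Collect <input> names that carry a client-side validation attribute."""
    def __init__(self):
        super().__init__()
        self.found = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rules = sorted(k for k in CONSTRAINT_ATTRS if k in a)
        if tag == "input" and "name" in a and rules:
            self.found[a["name"]] = rules

def client_constraints(html):
    parser = ConstrainedInputs()
    parser.feed(html)
    return parser.found

def unvalidated_at_sink(source, constrained, validator="validate", sink="execute"):
    """Map each constrained parameter that reaches `sink` unvalidated to its client rules."""
    var_to_param, validated, findings = {}, set(), {}
    for stmt in ast.parse(source).body[0].body:  # straight-line handler body, in order
        if isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Subscript):
            key = stmt.value.slice  # the "<param>" in request.form["<param>"]
            if isinstance(key, ast.Constant) and key.value in constrained:
                var_to_param[stmt.targets[0].id] = key.value
        for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
            used = {n.id for n in ast.walk(call) if isinstance(n, ast.Name)}
            name = getattr(call.func, "attr", None) or getattr(call.func, "id", None)
            if name == validator:
                validated |= used   # hypothetical validator: marks its arguments as checked
            elif name == sink:
                for var in used & (var_to_param.keys() - validated):
                    findings[var_to_param[var]] = constrained[var_to_param[var]]
    return findings
```

Here `amount` is flagged because its `max` and `required` constraints exist only in the page, while `memo` is validated before the query and `ref` has no client-side constraint to mirror.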

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.