Patent · US Active

Method and apparatus for managing security vulnerability lifecycles

US9239745B1 · kind B1 · utility

Cited by: 2
References: 0
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 28, 2007
Grant date: Jan 19, 2016
Priority date
Expiry date: Dec 10, 2032

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Vulnerability testing of a web application can be done using external testing, wherein an external test system runs with permissions of a user of the web application and interacts with the web application over a network. The external test system might obtain a schedule for a vulnerability test, execute the schedule using the external test system, log at least portions of responses of the web application to interactions of the external test system with the web application, and compare portions of the responses to expected possible responses associated with particular possible vulnerabilities of the web application, thereby detecting possible vulnerabilities of the web application. For at least one detected possible vulnerability, it might generate a retest script that comprises at least instructions to place the web application in a state at least similar to the state at which the at least one detected possible vulnerability was detected during execution of the schedule and that comprises at least instructions to interact with the web application in an attempt to recreate the detection without requiring reexecution of the schedule.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.