| Patent application number | Description | Published |
|---|---|---|
| 20090205047 | Method and Apparatus for Security Assessment of a Computing Platform - A system and method for automated security testing are disclosed. The disclosure provides for automated discovery of security vulnerabilities through the monitoring of activities that occur throughout the separate components of a computing platform during a testing session through a communications interface. | 08-13-2009 |
| 20090320043 | APPLICATION STATE DETECTOR AND INDUCER - A method for controlling a computer-implemented application, the method including determining a current state of a computer-implemented application, inducing the application into a predefined state associated with a target action of the application if the current state does not match the predefined state in accordance with predefined match criteria, and causing the target action to be performed. | 12-24-2009 |
| 20100088668 | Crawling of object model using transformation graph - A transformation tree for an object model (OM) is defined. The transformation tree has nodes interconnected by edges, where each node is connected to at most one other tree node. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. A transformation graph for the OM is constructed by simulating the transformation tree. The transformation graph has nodes interconnected by edges, and is a directed graph in which each node is connected to one or more other nodes. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. Crawling-oriented actions are performed in relation to the OM by being performed in relation to the transformation graph. | 04-08-2010 |
| 20100088761 | CROSS-DOMAIN ACCESS PREVENTION - A method, system, and computer program product for cross-domain access prevention are provided. The method includes detecting a request from a first domain to access a second domain, and applying cross-domain access heuristics to determine whether to allow the request. The cross-domain access heuristics define common ownership characteristics between the first domain and the second domain. The method further includes performing the requested access in response to determining that the request complies with at least one of the cross-domain access heuristics, and blocking the requested access in response to determining that the request fails to comply with the cross-domain access heuristics. | 04-08-2010 |
| 20100169974 | Measuring Coverage of Application Inputs for Advanced Web Application Security Testing - A computer implemented method, a data processing system, and a computer usable recordable-type medium having a computer usable program code monitor a black box web application security scan. A black box scan of a web application is initiated. The black box scan sends a test to a plurality of web application inputs of the web application. A runtime analysis is performed on the black box scan of the web application. Based on the runtime analysis of the black box scan, the black box scan is modified. | 07-01-2010 |
| 20110161486 | DETECTING AND MONITORING SERVER SIDE STATES DURING WEB APPLICATION SCANNING - A computer-implemented method, system, and computer program product for detecting and monitoring server side state during the scanning of a web application. The method includes: monitoring executed code of the web application while scanning the web application; retrieving code coverage information from the monitoring of the executed code and retrieving scanning information from the scanning of the web application; correlating the code coverage information with the scanning information; and determining a change in the server side state based on the correlation. The system includes one or more devices that execute the steps of the method. The computer program product includes computer program instructions stored on a computer readable storage medium, where the instructions, when executed, will cause a computer to perform the steps of the method. | 06-30-2011 |
| 20110225234 | Preventing Cross-Site Request Forgery Attacks on a Server - Preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server from the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects might be embodied in the server or a proxy between the server and the client. | 09-15-2011 |
| 20110314091 | METHOD AND SYSTEM FOR AUTOMATED ANALYSIS AND TRANSFORMATION OF WEB PAGES - A method and system for modifying web pages, including dynamic web pages, based on automated analysis wherein web pages are transformed based on transformation instructions in nearly real-time, and wherein analysis is performed and transformation instructions based on the analysis are prepared prior to a request for the web page. The system has two primary components, an analyzer which asynchronously and repeatedly analyzes web pages creating and updating transformation instructions relating to the web pages, and a transformer which intercepts traffic to a web server in response to a request for the web page, receives the returned web pages, and transforms them based on stored transformation instructions. | 12-22-2011 |