Targeted security testing

US9971896B2 · US · B2

Patent metadata
Publication number:  US-9971896-B2
Application number:  US-201113341426-A
Country:             US
Kind code:           B2
Filing date:         Dec 30, 2011
Priority date:       Dec 30, 2011
Publication date:    May 15, 2018
Grant date:          May 15, 2018


Abstract

Official abstract text for this publication.

Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.

Claims

What is claimed is:

1. A computer program product comprising a non-transitory computer readable medium having a plurality of instructions stored thereon, which, when executed by a processor, cause the processor to perform operations including: statically analyzing source code of a plurality of web pages including script code; identifying a first web page of the plurality of web pages as including a potential vulnerability based on the static analysis; identifying a second web page of the plurality of web pages as not including a potential vulnerability based on the static analysis; flagging, based on the static analysis, the first web page of the plurality of web pages as including the potential vulnerability; flagging, based on the static analysis, the second web page of the plurality of web pages as not including the potential vulnerability; dynamically analyzing the first web page of the plurality of web pages using a set of test payloads per parameter tested based upon flagging the first web page as including the potential vulnerability to verify whether the potential vulnerability is a false positive; determining how to reproduce the potential vulnerability based on the dynamic analysis; and dynamically analyzing the second web page of the plurality of web pages using a subset of the set of test payloads based upon flagging the second web page as not including the potential vulnerability, the subset including fewer test payloads per parameter tested than the set of test payloads per parameter tested used for the first web page of the plurality of web pages based upon flagging the first web page as including the potential vulnerability, and wherein the subset tests for one or more common sources of vulnerabilities; wherein a ratio of the test payloads per parameter in the subset of the set of test payloads to the test payloads per parameter in the set of test payloads is between 1:10 and 1:200.

2. The computer program product of claim 1, further comprising instructions for receiving the plurality of web pages from a web server.

3. The computer program product of claim 1, wherein the plurality of web pages are associated with a web application.

4. The computer program product of claim 1, wherein the instructions for statically analyzing the source code of the plurality of web pages include instructions for building a model representing a flow of data through the source code of the plurality of web pages.

5. The computer program product of claim 1, wherein the potential vulnerability includes a data-flow violation based on a set of security rules.

6. The computer program product of claim 1, wherein the instructions for statically analyzing the source code of the plurality of web pages include instructions for static taint analysis.

7. The computer program product of claim 1, wherein the instructions for dynamically analyzing include instructions for executing the script code on a script engine.

8. A system comprising: a processor and a memory coupled with the processor; one or more software modules deployed in the memory and executed on the processor, the one or more software modules, when executed on the processor, configured to perform one or more operations comprising: statically analyzing source code of a plurality of web pages including script code; identifying a first web page of the plurality of web pages as including a potential vulnerability based on the static analysis; identifying a second web page of the plurality of web pages as not including a potential vulnerability based on the static analysis; flagging, based on the static analysis, the first web page of the plurality of web pages as including the potential vulnerability; flagging, based on the static analysis, the second web page of the plurality of web pages as not including the potential vulnerability; dynamically analyzing the first web page of the plurality of web pages using a set of test payloads per parameter tested based upon flagging the first web page as including the potential vulnerability to verify whether the potential vulnerability is a false positive; determining how to reproduce the potential vulnerability based on the dynamic analysis; and dynamically analyzing the second web page of the plurality of web pages using a subset of the set of test payloads based upon flagging the second web page as not including the potential vulnerability, the subset including fewer test payloads per parameter tested than the set of test payloads per parameter tested used for the first web page of the plurality of web pages based upon flagging the first web page as including the potential vulnerability, and wherein the subset tests for one or more common sources of vulnerabilities; wherein a ratio of the test payloads per parameter in the subset of the set of test payloads to the test payloads per parameter in the set of test payloads is between 1:10 and 1:200.

9. The system of claim 8, wherein the one or more operations further include receiving the plurality of web pages from a web server.

10. The system of claim 8, wherein the plurality of web pages are associated with a web application.

11. The system of claim 8, wherein statically analyzing the source code of the plurality of web pages includes building a model representing a flow of data through the source code of the plurality of web pages.

12. The system of claim 8, wherein the potential vulnerability includes a data-flow violation based on a set of security rules.

13. The system of claim 8, wherein statically analyzing the source code of the plurality of web pages is conducted using static taint analysis.

14. The system of claim 8, wherein the one or more operations further include dynamically analyzing by executing the script code on a script engine.

15. The computer program product of claim 1, wherein the subset of the set of test payloads includes between 1 to 10 test payloads per parameter and the set of test payloads includes between 100 to 200 test payloads per parameter.

16. The system of claim 8, wherein the subset of the set of test payloads includes between 1 to 10 test payloads per parameter and the set of test payloads includes between 100 to 200 test payloads per parameter.
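The scheduling logic the claims describe, as an added example that is not the patent's own code: a toy static step flags a page when a request parameter reaches a sink in its data-flow model, and the dynamic step then budgets the full payload set per parameter for flagged pages and the small "common sources" subset for unflagged ones, checking the 1:10 to 1:200 ratio from claim 1. The payload labels, sink names and sample pages are constructed placeholders; the page names no concrete payloads.

```python
from dataclasses import dataclass

# Constructed placeholder payload families (labels only): the patent names no
# concrete payloads and the scheduling logic does not depend on their contents.
FULL_SET = [f"payload-{i:03d}" for i in range(150)]  # 100-200 per parameter (claim 15)
COMMON_SUBSET = FULL_SET[:5]                          # 1-10 per parameter, "common sources"
# Assumed sink labels for the toy data-flow model used by the static step.
SINKS = {"innerHTML", "eval", "document.write"}

@dataclass
class Page:
    url: str
    params: list[str]                 # request parameters the dynamic step will test
    flows: list[tuple[str, str]]      # data-flow edges (from, to) from the static model

def flag_page(page: Page) -> bool:
    """Static taint step: is any request parameter connected to a sink?"""
    reach = set(page.params)
    changed = True
    while changed:                    # transitive closure over the flow edges
        changed = False
        for src, dst in page.flows:
            if src in reach and dst not in reach:
                reach.add(dst)
                changed = True
    return bool(reach & SINKS)

def ratio_in_claimed_range(subset_n: int, full_n: int) -> bool:
    """Claim 1: subset-to-full payloads per parameter must lie between 1:10 and 1:200."""
    if subset_n <= 0 or full_n <= 0:
        return False
    return 1 / 200 <= subset_n / full_n <= 1 / 10

def payload_budget(page: Page) -> dict[str, list[str]]:
    """Flagged pages get the full set per parameter; unflagged pages get the subset."""
    chosen = FULL_SET if flag_page(page) else COMMON_SUBSET
    return {p: list(chosen) for p in page.params}

def total_requests(pages: list[Page]) -> int:
    """Number of dynamic test requests the schedule will issue across all pages."""
    assert ratio_in_claimed_range(len(COMMON_SUBSET), len(FULL_SET))
    return sum(len(v) for pg in pages for v in payload_budget(pg).values())

# Constructed sample site: one page with a tainted flow to a sink, one without.
SAMPLE = [
    Page("/search", ["q"], [("q", "tmp"), ("tmp", "innerHTML")]),
    Page("/about", ["lang"], [("lang", "textContent")]),
]
```

With the sample site, the flagged page costs 150 requests and the unflagged one 5, so the static pass cuts the dynamic budget from 300 to 155 requests without skipping the unflagged page entirely.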

Classifications

  • G06F21/577 (primary): Assessing vulnerabilities and evaluating computer system security (CPC title)

  • Test or assess software (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Amit Yair, Guy Lotem, Kalman Daniel, and 3 more
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date May 15, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).