Identifying stored security vulnerabilities in computer software applications

摘要

Identifying stored security vulnerabilities in computer software applications by providing via a first interface of a computer software application during execution of the computer software application, test data having a characteristic of a malicious payload, where an interaction performed with the first interface resulted in data being written to a location within a persistent data store, and where an interaction performed with a second interface of the computer software application resulted in data being read from the location within the persistent data store, and identifying a stored security vulnerability associated with the computer software application if the test data are written to the persistent data store at the location.