Security testing of web applications with specialised payloads
Machine translation: Security testing of Web applications with dedicated payloads
Abstract
A method and system for security testing of web applications comprises: submitting 304 a test to a web application, wherein the test has a payload with a (possibly empty) set of constraints or variables. It further comprises receiving 305 a response from the web application, deriving 308 at least one constraint from the response, and using these constraints to update the previous set of constraints and synthesize 310 a new payload. The test is then repeated 304 by submitting the new payload, and the method iterates until a security vulnerability is discovered 307 or no new payload can be constructed that satisfies all of the determined constraints (and, possibly, the grammar of the computer language used). The method may be used to check for input or script that is not sanitised by the web application and could therefore be used in a cross-site scripting (XSS) attack. The constraints may be regarded as tokens, and tokens may be replaced with new tokens when generating the new payload.