JP5982575B2 - Security scan based on dynamic taint - Google Patents
Security scan based on dynamic taint
- Publication number
- JP5982575B2
- Authority
- JP
- Japan
- Prior art keywords
- module
- application
- attack
- dynamic
- vulnerability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Debugging And Monitoring (AREA)
- For Increasing The Reliability Of Semiconductor Memories (AREA)
- Computer And Data Communications (AREA)
Description
Claims (15)
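- A computing system comprising
  an application security scanner to:
  cause, via a communication module, a dynamic taint module associated with an application to start a crawling phase of a security test;
  receive a report from the dynamic taint module;
  generate a limitation of the dynamic taint module; and
  generate a scan strategy based on the report.
- The computing system of claim 1, further comprising
  the dynamic taint module to:
  receive, from the application security scanner, a first message to start the dynamic taint module;
  start the dynamic taint module in response to the first message;
  generate the report during the crawling phase;
  send the report to the application security scanner;
  receive a second message to disable the dynamic taint module; and
  disable at least part of the dynamic taint module based on the second message.
- The computing system of claim 2, wherein the dynamic taint module determines security vulnerability candidates by intercepting program execution of the application during the crawling phase, marking one or more untrusted user inputs as taint sources, tracing the user inputs, and determining whether each user input causes a dangerous function call.
- The computing system of claim 3, wherein the dangerous function call includes at least one of a direct database query, a file open, a file deletion, and a write function to a HyperText Markup Language response stream.
- The computing system of any one of claims 1 to 4, wherein the starting means enabling a function of the dynamic taint module to assist the application security scanner, and generating the limitation of the dynamic taint module means disabling the function.
- The computing system of any one of claims 1 to 5, further comprising a crawler to obtain attack entry points of the application during the crawling phase,
  wherein the report includes a vulnerability candidate list of one or more vulnerability candidates of the application determined by the dynamic taint module during the crawling phase.
- The computing system of claim 6, further comprising:
  an attack module; and
  an adjustment module to determine the scan strategy by prioritizing the vulnerability candidate list in attacks performed on the application by the attack module.
- The computing system of claim 6, further comprising:
  an attack module; and
  an adjustment module to determine the scan strategy by determining attacks with a focus on the vulnerability candidate list,
  wherein the attack module attacks the application based on the scan strategy.
- A non-transitory machine-readable storage medium storing instructions that, when executed by at least one processor of a computing device, cause the computing device to:
  cause a dynamic taint module associated with an application to start a crawling phase of a security test;
  receive, from the dynamic taint module, a report including a vulnerability candidate list;
  generate a limitation of the dynamic taint module; and
  generate a scan strategy based on the vulnerability candidate list.
- The non-transitory machine-readable storage medium of claim 9, wherein the vulnerability candidate list includes vulnerability candidates determined by marking one or more untrusted user inputs as taint sources, tracing the user inputs, and determining whether each user input causes a dangerous function call.
- The non-transitory machine-readable storage medium of claim 9 or claim 10, further comprising instructions that, when executed by the at least one processor, cause the computing device to:
  obtain attack entry points of the application during the crawling phase;
  determine the scan strategy by prioritizing the vulnerability candidate list in preparation for an attack on the application; and
  attack the application based on the scan strategy.
- The non-transitory machine-readable storage medium of claim 9 or claim 10, further comprising instructions that, when executed by the at least one processor, cause the computing device to:
  obtain attack entry points of the application during the crawling phase;
  determine the scan strategy by determining attacks with a focus on the vulnerability candidate list; and
  attack the application based on the scan strategy.
- A method performed using a computing device having a processor, the method comprising:
  causing, by the processor, via a communication module, a dynamic taint module associated with an application to start a crawling phase of a security test;
  receiving, by the processor, a report including a vulnerability candidate list from the dynamic taint module;
  generating, by the processor, a limitation of the dynamic taint module;
  generating, by the processor, a scan strategy based on the vulnerability candidate list; and
  attacking, by the processor, the application based on the scan strategy.
- The method of claim 13, wherein the attacks are prioritized based on the vulnerability candidate list.
- The method of claim 13, wherein the attacks consist of attacks related to vulnerabilities on the vulnerability candidate list.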
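The flow the claims describe (enable taint tracking for the crawl, record untrusted inputs that reach dangerous function calls, disable tracking, then order the scan by the candidate list) can be modelled in a few lines of Python. This is an added example, not code from the patent or its assignee; the class and function names, the sample handlers, the entry points and the check labels are all hypothetical and constructed for illustration.

```python
class Tainted(str):
    """String that remembers which request parameter (taint source) it came from."""
    def __new__(cls, value, source):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj
    # Only "+" propagates taint in this sketch; a real agent hooks every string operation.
    def __add__(self, other):
        return Tainted(str.__add__(self, other), self.source)
    def __radd__(self, other):
        return Tainted(str.__add__(other, self), self.source)

class DynamicTaintModule:
    def __init__(self):
        self.enabled, self.entry, self.candidates = False, None, []
    def handle_message(self, msg):
        # "start" plays the first message (enable); anything else the second (disable).
        self.enabled = (msg == "start")
    def begin_request(self, entry, params):
        self.entry = entry
        if not self.enabled:
            return dict(params)
        return {k: Tainted(v, k) for k, v in params.items()}
    def sink(self, kind, value):
        # Called where the application reaches a dangerous function call.
        if self.enabled and isinstance(value, Tainted):
            self.candidates.append(
                {"entry": self.entry, "param": value.source, "sink": kind})
    def report(self):
        return list(self.candidates)

# Constructed sample application; each handler reports its sink argument.
def search(t, p):
    t.sink("db_query", "SELECT * FROM items WHERE name = '" + p["q"] + "'")
def profile(t, p):  # int() produces a fresh value, so the taint does not survive
    t.sink("db_query", "SELECT * FROM users WHERE id = " + str(int(p["id"])))
def download(t, p):
    t.sink("file_open", "/srv/files/" + p["name"])
def greet(t, p):
    t.sink("html_write", "<p>Hello " + p["who"] + "</p>")
def about(t, p):
    t.sink("html_write", "<p>About us</p>")

APP = {"/search": search, "/profile": profile, "/download": download,
       "/greet": greet, "/about": about}
ENTRY_POINTS = [("/search", {"q": "tea"}), ("/profile", {"id": "7"}),
                ("/download", {"name": "a.txt"}), ("/greet", {"who": "bob"}),
                ("/about", {})]
# Hypothetical mapping from sink kind to the check category worth running first.
CHECKS = {"db_query": "sql_injection", "file_open": "path_traversal",
          "file_delete": "path_traversal", "html_write": "xss"}

def crawl(app, taint, entry_points):
    taint.handle_message("start")
    for path, params in entry_points:
        app[path](taint, taint.begin_request(path, params))
    report = taint.report()
    taint.handle_message("stop")  # limit the module once the report is in
    return report

def scan_strategy(entry_points, report, focus_only=False):
    """Ordered (entry, parameter, check) plan: taint candidates first."""
    plan = [(c["entry"], c["param"], CHECKS[c["sink"]]) for c in report]
    if focus_only:  # restrict the scan to the candidates
        return plan
    seen = {(e, p) for e, p, _ in plan}
    for path, params in entry_points:
        plan += [(path, n, "generic") for n in params if (path, n) not in seen]
    return plan

if __name__ == "__main__":
    rep = crawl(APP, DynamicTaintModule(), ENTRY_POINTS)
    for step in scan_strategy(ENTRY_POINTS, rep):
        print(step)
```

The `/profile` handler shows why the report shrinks the scan: its parameter is converted to an integer before reaching the query, so it never becomes a candidate and drops to the back of the plan.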
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US2012/052772 WO2014035386A1 (en) | 2012-08-29 | 2012-08-29 | Security scan based on dynamic taint |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JP2015534155A JP2015534155A (ja) | 2015-11-26 |
| JP5982575B2 JP5982575B2 (ja) | 2016-08-31 |
Family
ID=50184025
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2015529767A Active JP5982575B2 (ja) | Security scan based on dynamic taint | 2012-08-29 | 2012-08-29 |
Country Status (7)
| Country | Link |
|---|---|
| US (1) | US9558355B2 (ja) |
| EP (1) | EP2891100B1 (ja) |
| JP (1) | JP5982575B2 (ja) |
| KR (1) | KR20150048778A (ja) |
| CN (1) | CN104995630B (ja) |
| BR (1) | BR112015004035A2 (ja) |
| WO (1) | WO2014035386A1 (ja) |
Families Citing this family (66)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9317693B2 (en) * | 2012-10-22 | 2016-04-19 | Rapid7, Llc | Systems and methods for advanced dynamic analysis scanning |
| EP3100192B1 (en) * | 2014-01-27 | 2018-10-31 | Cronus Cyber Technologies Ltd. | Automated penetration testing device, method and system |
| EP3170115A4 (en) * | 2014-07-18 | 2018-02-28 | EntIT Software LLC | Determining terms for security test |
| US9781145B2 (en) * | 2014-11-25 | 2017-10-03 | International Business Machines Corporation | Persistent cross-site scripting vulnerability detection |
| US10110622B2 (en) | 2015-02-13 | 2018-10-23 | Microsoft Technology Licensing, Llc | Security scanner |
| US9998482B2 (en) * | 2015-09-18 | 2018-06-12 | International Business Machines Corporation | Automated network interface attack response |
| US9940479B2 (en) * | 2015-10-20 | 2018-04-10 | International Business Machines Corporation | Identifying and tracking sensitive data |
| CN105808981B (zh) * | 2016-03-10 | 2018-06-19 | 西北大学 | Anti-taint-analysis software protection method |
| WO2017160309A1 (en) * | 2016-03-18 | 2017-09-21 | Entit Software Llc | Assisting a scanning session |
| US10417441B2 (en) * | 2016-04-29 | 2019-09-17 | International Business Machines Corporation | Effectively validating dynamic database queries through database activity monitoring |
| CN105827644A (zh) * | 2016-05-17 | 2016-08-03 | 努比亚技术有限公司 | Method and terminal for implementing password information processing |
| US10068095B1 (en) * | 2017-05-15 | 2018-09-04 | XM Cyber Ltd | Systems and methods for selecting a termination rule for a penetration testing campaign |
| US10637882B2 (en) * | 2017-01-30 | 2020-04-28 | Xm Cyber Ltd. | Penetration testing of a networked system |
| US10686822B2 (en) | 2017-01-30 | 2020-06-16 | Xm Cyber Ltd. | Systems and methods for selecting a lateral movement strategy for a penetration testing campaign |
| US10257220B2 (en) | 2017-01-30 | 2019-04-09 | Xm Cyber Ltd. | Verifying success of compromising a network node during penetration testing of a networked system |
| US10122750B2 (en) | 2017-01-30 | 2018-11-06 | XM Cyber Ltd | Setting-up penetration testing campaigns |
| US10581802B2 (en) | 2017-03-16 | 2020-03-03 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Methods, systems, and computer readable media for advertising network security capabilities |
| CN107133180B (zh) * | 2017-06-07 | 2021-03-23 | 腾讯科技(深圳)有限公司 | Dynamic page testing method, testing apparatus and storage medium |
| US10534917B2 (en) | 2017-06-20 | 2020-01-14 | Xm Cyber Ltd. | Testing for risk of macro vulnerability |
| US10574684B2 (en) | 2017-07-09 | 2020-02-25 | Xm Cyber Ltd. | Locally detecting phishing weakness |
| US10783239B2 (en) * | 2017-08-01 | 2020-09-22 | Pc Matic, Inc. | System, method, and apparatus for computer security |
| US10412112B2 (en) | 2017-08-31 | 2019-09-10 | Xm Cyber Ltd. | Time-tagged pre-defined scenarios for penetration testing |
| US10447721B2 (en) | 2017-09-13 | 2019-10-15 | Xm Cyber Ltd. | Systems and methods for using multiple lateral movement strategies in penetration testing |
| EP3711279A1 (en) | 2017-11-15 | 2020-09-23 | XM Cyber Ltd. | Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign |
| US12130878B1 (en) | 2017-11-27 | 2024-10-29 | Fortinet, Inc. | Deduplication of monitored communications data in a cloud environment |
| US12363148B1 (en) | 2017-11-27 | 2025-07-15 | Fortinet, Inc. | Operational adjustment for an agent collecting data from a cloud compute environment monitored by a data platform |
| US12513221B1 (en) | 2017-11-27 | 2025-12-30 | Fortinet, Inc. | Anomaly-based on-demand collection of data by an agent for a data platform |
| US12470578B1 (en) | 2017-11-27 | 2025-11-11 | Fortinet, Inc. | Containerized agent for monitoring container activity in a compute environment |
| US12355787B1 (en) | 2017-11-27 | 2025-07-08 | Fortinet, Inc. | Interdependence of agentless and agent-based operations by way of a data platform |
| US12537837B2 (en) | 2017-11-27 | 2026-01-27 | Fortinet, Inc. | Cloud resource risk scenario assessment and remediation |
| US12500911B1 (en) | 2017-11-27 | 2025-12-16 | Fortinet, Inc. | Expanding data collection from a monitored cloud environment |
| US12470577B1 (en) | 2017-11-27 | 2025-11-11 | Fortinet, Inc. | Kernel-based monitoring of container activity in a compute environment |
| US12375573B1 (en) | 2017-11-27 | 2025-07-29 | Fortinet, Inc. | Container event monitoring using kernel space communication |
| US12489770B1 (en) | 2017-11-27 | 2025-12-02 | Fortinet, Inc. | Agent-based monitoring of a registry space of a compute asset within a compute environment |
| US12464003B1 (en) | 2017-11-27 | 2025-11-04 | Fortinet, Inc. | Capturing and using application-level data to monitor a compute environment |
| US12587553B1 (en) | 2017-11-27 | 2026-03-24 | Fortinet, Inc. | Notification-based file integrity monitoring of a compute environment |
| US12368746B1 (en) | 2017-11-27 | 2025-07-22 | Fortinet, Inc. | Modular agentless scanning of cloud workloads |
| US12537839B1 (en) | 2017-11-27 | 2026-01-27 | Fortinet, Inc. | Identification by a data platform of secrets misuse by cloud workloads |
| US12556548B1 (en) | 2017-11-27 | 2026-02-17 | Fortinet, Inc. | Determining directions of connections in monitoring a cloud environment |
| US12483576B1 (en) | 2017-11-27 | 2025-11-25 | Fortinet, Inc. | Compute resource risk mitigation by a data platform |
| JP6928265B2 (ja) * | 2018-04-04 | 2021-09-01 | 日本電信電話株式会社 | Information processing apparatus and information processing method |
| US10440044B1 (en) | 2018-04-08 | 2019-10-08 | Xm Cyber Ltd. | Identifying communicating network nodes in the same local network |
| US10382473B1 (en) | 2018-09-12 | 2019-08-13 | Xm Cyber Ltd. | Systems and methods for determining optimal remediation recommendations in penetration testing |
| WO2020089698A1 (en) | 2018-11-04 | 2020-05-07 | Xm Cyber Ltd. | Using information about exportable data in penetration testing |
| WO2020121078A1 (en) | 2018-12-13 | 2020-06-18 | Xm Cyber Ltd. | Systems and methods for dynamic removal of agents from nodes of penetration testing systems |
| US10462177B1 (en) | 2019-02-06 | 2019-10-29 | Xm Cyber Ltd. | Taking privilege escalation into account in penetration testing campaigns |
| US11283827B2 (en) | 2019-02-28 | 2022-03-22 | Xm Cyber Ltd. | Lateral movement strategy during penetration testing of a networked system |
| US11206281B2 (en) | 2019-05-08 | 2021-12-21 | Xm Cyber Ltd. | Validating the use of user credentials in a penetration testing campaign |
| JP6847460B2 (ja) * | 2019-05-27 | 2021-03-24 | 可立可資安股▲分▼有限公司 | System for managing information security attack and defense plans |
| US11640469B2 (en) | 2019-06-21 | 2023-05-02 | Ventech Solutions, Inc. | Method and system for cloud-based software security vulnerability diagnostic assessment |
| US10637883B1 (en) | 2019-07-04 | 2020-04-28 | Xm Cyber Ltd. | Systems and methods for determining optimal remediation recommendations in penetration testing |
| US11544385B2 (en) * | 2019-07-29 | 2023-01-03 | Ventech Solutions, Inc. | Method and system for dynamic testing with diagnostic assessment of software security vulnerability |
| US10880326B1 (en) | 2019-08-01 | 2020-12-29 | Xm Cyber Ltd. | Systems and methods for determining an opportunity for node poisoning in a penetration testing campaign, based on actual network traffic |
| US11533329B2 (en) | 2019-09-27 | 2022-12-20 | Keysight Technologies, Inc. | Methods, systems and computer readable media for threat simulation and threat mitigation recommendations |
| US11005878B1 (en) | 2019-11-07 | 2021-05-11 | Xm Cyber Ltd. | Cooperation between reconnaissance agents in penetration testing campaigns |
| US11575700B2 (en) | 2020-01-27 | 2023-02-07 | Xm Cyber Ltd. | Systems and methods for displaying an attack vector available to an attacker of a networked system |
| US11221855B2 (en) * | 2020-03-06 | 2022-01-11 | International Business Machines Corporation | Transformation of an enterprise application into a cloud native application |
| US11582256B2 (en) | 2020-04-06 | 2023-02-14 | Xm Cyber Ltd. | Determining multiple ways for compromising a network node in a penetration testing campaign |
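| CN111859375B (zh) * | 2020-07-20 | 2023-08-29 | 百度在线网络技术(北京)有限公司 | Vulnerability detection method and apparatus, electronic device and storage medium |
| CN112199274B (zh) * | 2020-09-18 | 2022-05-03 | 北京大学 | JavaScript dynamic taint tracking method based on the V8 engine, and electronic apparatus |
| CN112256580B (zh) * | 2020-10-23 | 2024-02-13 | 济南浪潮数据技术有限公司 | Code scanning method, apparatus, device and storage medium |
| CN112580060B (zh) * | 2021-01-21 | 2024-06-21 | 国网新疆电力有限公司信息通信公司 | System for investigating hidden vulnerabilities in application system data interfaces |
| CN113220525A (zh) * | 2021-04-28 | 2021-08-06 | 杭州孝道科技有限公司 | Cross-application dynamic taint tracking method |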
| US11874932B2 (en) | 2021-06-30 | 2024-01-16 | International Business Machines Corporation | Managing application security vulnerabilities |
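| CN113886842B (zh) * | 2021-12-02 | 2022-03-08 | 北京华云安信息技术有限公司 | Test-based dynamic intelligent scheduling method and apparatus |
| CN119323028B (zh) * | 2024-08-28 | 2026-04-28 | 清华大学 | Policy-based dynamic vulnerability shielding method, apparatus and electronic device |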
Family Cites Families (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7624422B2 (en) * | 2003-02-14 | 2009-11-24 | Preventsys, Inc. | System and method for security information normalization |
| US20040193918A1 (en) | 2003-03-28 | 2004-09-30 | Kenneth Green | Apparatus and method for network vulnerability detection and compliance assessment |
| US20050273859A1 (en) * | 2004-06-04 | 2005-12-08 | Brian Chess | Apparatus and method for testing secure software |
| US20070240225A1 (en) | 2006-04-10 | 2007-10-11 | Shrader Theodore J L | Architecture for automatic HTTPS boundary identification |
| US8656495B2 (en) | 2006-11-17 | 2014-02-18 | Hewlett-Packard Development Company, L.P. | Web application assessment based on intelligent generation of attack strings |
| US20080184208A1 (en) * | 2007-01-30 | 2008-07-31 | Sreedhar Vugranam C | Method and apparatus for detecting vulnerabilities and bugs in software applications |
| US9069967B2 (en) | 2007-02-16 | 2015-06-30 | Veracode, Inc. | Assessment and analysis of software security flaws |
| US8613080B2 (en) | 2007-02-16 | 2013-12-17 | Veracode, Inc. | Assessment and analysis of software security flaws in virtual machines |
| US8321840B2 (en) * | 2007-12-27 | 2012-11-27 | Intel Corporation | Software flow tracking using multiple threads |
| US8650651B2 (en) * | 2008-02-08 | 2014-02-11 | International Business Machines Corporation | Method and apparatus for security assessment of a computing platform |
| US20090282480A1 (en) | 2008-05-08 | 2009-11-12 | Edward Lee | Apparatus and Method for Monitoring Program Invariants to Identify Security Anomalies |
| US8713687B2 (en) | 2008-12-17 | 2014-04-29 | Symantec Corporation | Methods and systems for enabling community-tested security features for legacy applications |
| US8141158B2 (en) * | 2008-12-31 | 2012-03-20 | International Business Machines Corporation | Measuring coverage of application inputs for advanced web application security testing |
| US8365290B2 (en) * | 2009-05-15 | 2013-01-29 | Frederick Young | Web application vulnerability scanner |
| CN101616151B (zh) * | 2009-07-31 | 2012-11-07 | 中国科学院软件研究所 | Automated network attack signature generation method |
| US8584246B2 (en) * | 2009-10-13 | 2013-11-12 | International Business Machines Corporation | Eliminating false reports of security vulnerabilities when testing computer software |
| CN102081719B (zh) | 2009-12-01 | 2015-05-20 | 南京翰海源信息技术有限公司 | Software security testing system and method based on dynamic taint propagation |
| US8615804B2 (en) * | 2010-02-18 | 2013-12-24 | Polytechnic Institute Of New York University | Complementary character encoding for preventing input injection in web applications |
| US9747187B2 (en) | 2010-10-27 | 2017-08-29 | International Business Machines Corporation | Simulating black box test results using information from white box testing |
| CN102104601B (zh) * | 2011-01-14 | 2013-06-12 | 无锡市同威科技有限公司 | Web vulnerability scanning method based on penetration techniques, and vulnerability scanner |
| CA2777434C (en) * | 2012-05-18 | 2019-09-10 | Ibm Canada Limited - Ibm Canada Limitee | Verifying application security vulnerabilities |
-
2012
- 2012-08-29 EP EP12883502.2A patent/EP2891100B1/en active Active
- 2012-08-29 KR KR1020157006785A patent/KR20150048778A/ko not_active Ceased
- 2012-08-29 BR BR112015004035A patent/BR112015004035A2/pt not_active IP Right Cessation
- 2012-08-29 CN CN201280076097.3A patent/CN104995630B/zh active Active
- 2012-08-29 US US14/424,401 patent/US9558355B2/en active Active
- 2012-08-29 JP JP2015529767A patent/JP5982575B2/ja active Active
- 2012-08-29 WO PCT/US2012/052772 patent/WO2014035386A1/en not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| US9558355B2 (en) | 2017-01-31 |
| BR112015004035A2 (pt) | 2017-07-04 |
| US20150248559A1 (en) | 2015-09-03 |
| CN104995630B (zh) | 2018-10-12 |
| EP2891100A4 (en) | 2016-03-16 |
| CN104995630A (zh) | 2015-10-21 |
| KR20150048778A (ko) | 2015-05-07 |
| EP2891100B1 (en) | 2017-05-24 |
| JP2015534155A (ja) | 2015-11-26 |
| EP2891100A1 (en) | 2015-07-08 |
| WO2014035386A1 (en) | 2014-03-06 |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| JP5982575B2 (ja) | Security scan based on dynamic taint | |
| KR101745052B1 (ko) | Automated security testing | |
| Dahse et al. | Simulation of Built-in PHP Features for Precise Static Code Analysis. | |
| US9152795B2 (en) | Security vulnerability correction | |
| US9268945B2 (en) | Detection of vulnerabilities in computer systems | |
| WO2018006241A1 (en) | Method and apparatus to detect security vulnerabilities in web application | |
| CN104685477A (zh) | Application security testing | |
| Li et al. | The application of fuzzing in web software security vulnerabilities test | |
| Wang et al. | A new cross-site scripting detection mechanism integrated with HTML5 and CORS properties by using browser extensions | |
| Kim et al. | {FuzzOrigin}: Detecting {UXSS} vulnerabilities in browsers through origin fuzzing | |
| US20140245460A1 (en) | Modify execution of application under test so user is power user | |
| CN107451470A (zh) | Page security detection method, apparatus and device | |
| CN106250761B (zh) | Device, apparatus and method for identifying web automation tools | |
| US10650148B2 (en) | Determine protective measure for data that meets criteria | |
| US10515219B2 (en) | Determining terms for security test | |
| Goßen et al. | Design and implementation of a stealthy OpenWPM web scraper | |
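| CN118551370A (zh) | Injection attack sensor with syntax attack detection template | |
| CN112861125A (zh) | Open-platform-based security detection method, apparatus, device and storage medium | |
| CN115567502B (zh) | Web security scanning method, related device and storage medium | |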
| Sulthana | Controlling vulnerabilities in open-source libraries through different tools and techniques | |
| Aulakh | Intrusion detection and prevention system: Cgi attacks | |
| CN118627068A (zh) | Method for detecting Windows in-memory trojans | |
| Namratha et al. | Identifying Distributed Dos Attacks in Multitier Web Applications | |
| Goel et al. | THREAT MODELING IN GRAPHQL APIS: A MODERN APPROACH TO MINIMIZING ATTACK SURFACE | |
| Weissbacher | Hardening Web Applications against CSV Attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20150305 |
| | A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20160224 |
| | A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20160329 |
| | A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20160629 |
| | TRDD | Decision of grant or rejection written | |
| | A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20160726 |
| | A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20160801 |
| | R150 | Certificate of patent or registration of utility model | Ref document number: 5982575 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| | S111 | Request for change of ownership or part of ownership | Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
| | R360 | Written notification for declining of transfer of rights | Free format text: JAPANESE INTERMEDIATE CODE: R360 |
| | R360 | Written notification for declining of transfer of rights | Free format text: JAPANESE INTERMEDIATE CODE: R360 |
| | R371 | Transfer withdrawn | Free format text: JAPANESE INTERMEDIATE CODE: R371 |
| | S111 | Request for change of ownership or part of ownership | Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
| | R350 | Written notification of registration of transfer | Free format text: JAPANESE INTERMEDIATE CODE: R350 |
| | S111 | Request for change of ownership or part of ownership | Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
| | R360 | Written notification for declining of transfer of rights | Free format text: JAPANESE INTERMEDIATE CODE: R360 |
| | R360 | Written notification for declining of transfer of rights | Free format text: JAPANESE INTERMEDIATE CODE: R360 |
| | R371 | Transfer withdrawn | Free format text: JAPANESE INTERMEDIATE CODE: R371 |
| | S111 | Request for change of ownership or part of ownership | Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
| | R350 | Written notification of registration of transfer | Free format text: JAPANESE INTERMEDIATE CODE: R350 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | S531 | Written request for registration of change of domicile | Free format text: JAPANESE INTERMEDIATE CODE: R313531 |
| | S533 | Written request for registration of change of name | Free format text: JAPANESE INTERMEDIATE CODE: R313533 |
| | R350 | Written notification of registration of transfer | Free format text: JAPANESE INTERMEDIATE CODE: R350 |
| | RD02 | Notification of acceptance of power of attorney | Free format text: JAPANESE INTERMEDIATE CODE: R3D02 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| | R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |