公开(公告)号：US09923916B1

公开(公告)日：2018-03-20

申请号：US14741536

申请日：2015-06-17

Applicant: Amazon Technologies, Inc.

Inventor： Jon McClintock ,  Alun Jones

IPC: G06F11/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/1433 ,  G06F21/00 ,  H04L67/02

Abstract: Adaptive methods and systems are provided to scan websites/Web applications for vulnerabilities. The methods and systems identify a reference string in a first response web page and an authorized context in which the reference string appears. The first response web page is generated at least in part based on the reference string. An escape attempt input is determined based on the reference string and authorized context, and the escape attempt input is present to the website. The methods and systems identify an escape attempt input in a second response web page and a candidate context in which the escape attempt input appears, wherein the second response web page is generated at least in part based on the escape attempt input. The methods and systems determine when the escape attempt input appears in an un-authorized context in the second response web page. The adaptive methods and systems herein, efficiently identify website vulnerabilities, and thus may be run frequently, thereby resulting in improved security without excessively drawing upon website resources.