Patent search ap:("Yair Amit" OR "Alexander Landa" OR "Omer Tripp") AND inv:"Alexander Landa" Page 1

1.

发明授权
Detecting stored cross-site scripting vulnerabilities in web applications 有权
Title translation: 检测Web应用程序中存储的跨站点脚本漏洞

公开(公告)号：US09460291B2

公开(公告)日：2016-10-04

申请号：US13429993

申请日：2012-03-26

Applicant: Yair Amit , Alexander Landa , Omer Tripp

Inventor： Yair Amit , Alexander Landa , Omer Tripp

IPC: G06F21/57 , H04L29/06

CPC classification number: H04L63/1433 , G06F21/577 , G06F2221/033 , H04L63/1441 , H04L63/1483

Abstract: A method for detecting security vulnerabilities in web applications can include providing a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, detecting the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determining, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.

Abstract translation: 用于检测web应用程序中的安全漏洞的方法可以包括在计算机服务器与网络应用程序的第一次交互期间向web应用程序提供有效载荷，其中有效载荷包括有效负载指令和标识符，检测在在所述第一交互之后与所述web应用的交互，以及响应于在所述有效载荷内检测到所述标识符，确定所述有效载荷指令是否在执行所述有效载荷指令之前进行了安全检查。

2.

发明授权
Detecting stored cross-site scripting vulnerabilities in web applications 有权
Title translation: 检测Web应用程序中存储的跨站点脚本漏洞

公开(公告)号：US09471787B2

公开(公告)日：2016-10-18

申请号：US13217418

申请日：2011-08-25

Applicant: Yair Amit , Alexander Landa , Omer Tripp

Inventor： Yair Amit , Alexander Landa , Omer Tripp

IPC: G06F21/57 , H04L29/06

CPC classification number: H04L63/1433 , G06F21/577 , G06F2221/033 , H04L63/1441 , H04L63/1483

Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.

Abstract translation: 一种用于检测Web应用程序中的安全漏洞的系统，该系统包括：黑盒测试器，被配置为在与计算机服务器处的web应用的第一次交互期间向web应用提供有效载荷，其中所述有效载荷包括有效载荷指令和标识符和执行引擎，被配置为在第一交互之后与网络应用程序交互期间检测在该有效载荷内接收到的有效载荷内的标识符，并且响应于检测到有效载荷内的标识符，确定有效载荷指令是否在执行有效载荷指令。

Search Results

Country/Region

Patent validity

Application date

Publication (announcement) day

applicant

The country/region where the applicant is located

Inventor

IPC

IPC Department

IPC class

IPC subclass

IPC group

IPC team

Appearance classification