News Column

"Application Testing System and Method" in Patent Application Approval Process

June 24, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent application by the inventors Amit, Yair (Tel-Aviv, IL); Cohen, Adi (Tel-Aviv, IL); Guy, Lotem (Hod Hasharon, IL); Landau, Alexander (Karmiel, IL); Tripp, Omer (Har-Adar, IL); Vana, Avishai (Netanya, IL); Weisman, Omri (Tel-Aviv, IL), filed on October 8, 2013, was made available online on June 12, 2014, according to news reporting originating from Washington, D.C., by VerticalNews correspondents.

This patent application is assigned to International Business Machines Corporation.

The following quote was obtained by the news editors from the background information supplied by the inventors: "Some applications, such as web applications, may be subjected to attacks by, e.g., hackers. For instance, injection attacks may be used to attack web applications. An example of an injection attack may include cross-site scripting (XSS)--a vulnerability that may allow attackers to bypass a client-side security mechanism and gain elevated access-privileges to sensitive information.

"Security scanners, such as a dynamic, automated web application security scanner, may be used to identify XSS vulnerabilities, as well as other injection vulnerabilities (e.g., command injection). However, the scale of some web applications is increasing, both in number of pages and in functionality. For instance, some web applications may consist of numerous pages (e.g., thousands), each defining numerous parameters (e.g., tens or hundreds). Each test payload sent by the security scanner targeting an individual parameter may translate into, e.g., Hypertext Transfer Protocol (HTTP) traffic, which may be expensive compared to other, in-memory computations.

"Moreover, the number of possible ways to exploit XSS alone may be large, and commercial black-box scanners may be equipped with a specification of merely several dozen injection attacks. Thus, the coverage of existing security scanners is typically poor, as only a small, fixed number of tests are generally sent for each parameter to guarantee reasonable overall scanning time. For example, the attempted payloads are typically those that are deemed by a security expert to be the most prevalent attack payloads. As such, some scanners may, e.g., leave open many security holes, provide a false sense of security, and encourage attackers to attempt less obvious payloads than those likely selected by the security expert."

In addition to the background information obtained for this patent application, VerticalNews journalists also obtained the inventors' summary information for this patent application: "In one implementation, a method, performed by one or more computing devices, comprises sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. The payload is determined to have successfully attacked an application executing at the second computing device based upon, at least in part, the response. At least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.

"One or more of the following features may be included. The structural overlap may include a token. Preventing at least the second payload of the portion from being sent to the second computing device may include adjusting a priority of at least the second payload. A grammar for generating the plurality of payloads may be selected. A data structure may be generated to model the structural overlap of at least the second payload with the first payload. The data structure may include a weighted edge label associated with the structural overlap of at least the second payload with the first payload. The successful attack may include a cross-site scripting attack.

"In another implementation, a computing system includes a processor and a memory configured to perform operations comprising sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. The payload is determined to have successfully attacked an application executing at the second computing device based upon, at least in part, the response. At least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.

"One or more of the following features may be included. The structural overlap may include a token. Preventing at least the second payload of the portion from being sent to the second computing device may include adjusting a priority of at least the second payload. A grammar for generating the plurality of payloads may be selected. A data structure may be generated to model the structural overlap of at least the second payload with the first payload. The data structure may include a weighted edge label associated with the structural overlap of at least the second payload with the first payload. The successful attack may include a cross-site scripting attack.

"In another implementation, a computer program product resides on a computer readable storage medium that has a plurality of instructions stored on it. When executed by a processor, the instructions cause the processor to perform operations comprising sending, by a first computing device, a payload from a plurality of payloads to a second computing device. A response from the second computing device responding to the payload is received at the first computing device. The payload is determined to have successfully attacked an application executing at the second computing device based upon, at least in part, the response. At least a portion of the plurality of payloads that shares a structural overlap with the first payload is identified. At least a second payload of the portion is prevented from being sent to the second computing device in response to identifying that the second payload shares the structural overlap with the first payload.

"One or more of the following features may be included. The structural overlap may include a token. Preventing at least the second payload of the portion from being sent to the second computing device may include adjusting a priority of at least the second payload. A grammar for generating the plurality of payloads may be selected. A data structure may be generated to model the structural overlap of at least the second payload with the first payload. The data structure may include a weighted edge label associated with the structural overlap of at least the second payload with the first payload. The successful attack may include a cross-site scripting attack.

"The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features and advantages will become apparent from the description, the drawings, and the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

"FIG. 1 is an illustrative diagrammatic view of a test process coupled to a distributed computing network according to one or more implementations of the present disclosure;

"FIG. 2 is a diagrammatic view of the computer of FIG. 1 according to one or more implementations of the present disclosure;

"FIG. 3 is an illustrative flowchart of the test process of FIG. 1 according to one or more implementations of the present disclosure;

"FIG. 4 is an illustrative diagrammatic view of a screen image displayed by the test process of FIG. 1 according to one or more implementations of the present disclosure; and

"FIG. 5 is an illustrative graph according to one or more implementations of the present disclosure.

"Like reference symbols in the various drawings indicate like elements."
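The summary quoted above describes the mechanism only in claim language. The following is an added worked example written for this article, not code from the patent application or from any IBM scanner: a toy black-box scanner that expands a small payload grammar, sends candidates in priority order against a mock reflected-input endpoint, and, once a payload is confirmed to have worked, lowers the priority of every untested payload that shares enough structural tokens with it so that those payloads are never sent. The templates, the tokenizer, the Jaccard overlap used as the weighted edge label, the 0.5 cutoff, and the mock target with its naive "<script" blacklist are all assumptions chosen for illustration.

```python
"""Added illustration of overlap-based payload pruning (not the patent's code).
The grammar, tokenizer, overlap weight, cutoff and mock target are assumptions."""
import re
from itertools import product

# Assumed payload grammar: an attack structure (template) combined with a sink.
TEMPLATES = [
    "<script>{sink}</script>",
    "<img src=x onerror={sink}>",
    "<details open ontoggle={sink}>",
    "<a href=javascript:{sink}>x</a>",
]
SINKS = ["alert(1)", "prompt(1)", "confirm(1)"]

# Assumed tokenizer: opening/closing tags, attribute names, calls, bare words.
TOKEN_RE = re.compile(r"</?\w+|\w+=|\w+\(\d*\)|\w+")


def generate_payloads(templates=TEMPLATES, sinks=SINKS):
    """Expand the grammar into the full candidate list, in generation order."""
    return [t.format(sink=s) for t, s in product(templates, sinks)]


def tokens(payload):
    """Structural tokens of a payload; the 'structural overlap' is shared tokens."""
    return set(TOKEN_RE.findall(payload))


def overlap(a, b):
    """Weighted edge label between two payloads: Jaccard similarity of token sets."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb)


def build_overlap_graph(payloads):
    """Adjacency map payload -> {other payload: overlap weight}; zero-weight edges omitted."""
    graph = {p: {} for p in payloads}
    for a, b in product(payloads, repeat=2):
        if a != b:
            w = overlap(a, b)
            if w > 0:
                graph[a][b] = w
    return graph


def mock_target(value):
    """Constructed vulnerable endpoint: reflects the parameter unencoded but
    applies a naive blacklist that strips the literal '<script' (case-insensitive)."""
    filtered = re.sub(r"<script", "", value, flags=re.IGNORECASE)
    return "<html><body>Search results for: " + filtered + "</body></html>"


def attack_succeeded(payload, response):
    """Success oracle: the payload came back verbatim, i.e. reflected without encoding."""
    return payload in response


def scan(payloads, target=mock_target, min_priority=0.5):
    """Send payloads in priority order. After a confirmed hit, set each
    neighbour's priority to 1 - overlap with the hit; payloads whose priority
    drops below min_priority are skipped instead of sent (min_priority=0.0
    disables pruning so every candidate is sent)."""
    graph = build_overlap_graph(payloads)
    priority = {p: 1.0 for p in payloads}
    sent, hits, skipped = [], [], []
    for p in payloads:
        if priority[p] < min_priority:
            skipped.append(p)
            continue
        sent.append(p)
        if attack_succeeded(p, target(p)):
            hits.append(p)
            for q, w in graph[p].items():
                # The more structure q shares with a confirmed hit, the less
                # new information sending q would buy; keep the lowest value seen.
                priority[q] = min(priority[q], 1.0 - w)
    return {"sent": sent, "hits": hits, "skipped": skipped}


if __name__ == "__main__":
    candidates = generate_payloads()
    pruned, full = scan(candidates), scan(candidates, min_priority=0.0)
    print("with pruning:   sent %d, hits %d" % (len(pruned["sent"]), len(pruned["hits"])))
    print("without pruning: sent %d, hits %d" % (len(full["sent"]), len(full["hits"])))
```

Against the mock target, the three script-tag payloads fail, the first img, details and anchor payloads each succeed, and their two sibling sinks are pruned, so the scanner sends 6 of the 12 candidates and still confirms one instance of every attack structure the filter lets through. Running the same scan with pruning disabled sends all 12 and records 9 hits; the 6 extra hits are variations of structures already confirmed, which is the trade-off the summary describes. The cutoff is the sensitive parameter: set it too low and a payload that only shares a sink such as "alert(1)" with a hit would be dropped even though its tag structure is untested.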

For the URL and more information on this patent application, see: Amit, Yair; Cohen, Adi; Guy, Lotem; Landau, Alexander; Tripp, Omer; Vana, Avishai; Weisman, Omri. Application Testing System and Method. Filed October 8, 2013 and posted June 12, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=59&p=2&f=G&l=50&d=PG01&S1=20140605.PD.&OS=PD/20140605&RS=PD/20140605

Keywords for this news article include: Information Technology, Information and Data Architecture, International Business Machines Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


Source: Information Technology Newsweekly