The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 30, 2024
Filed:
Mar. 13, 2019
Sap SE, Walldorf, DE;
Luca Compagna, La Roquette sur Siagne, FR;
Alessandro Pezze, Calliano, IT;
SAP SE, Walldorf, DE;
Abstract
Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.