The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Jan. 19, 2016

Filed: Sep. 28, 2007

Applicants:

William Pennington, San Jose, CA (US);

Jeremiah Grossman, San Jose, CA (US);

Robert Stone, Mountain View, CA (US);

Siamak Pazirandeh, San Diego, CA (US);

Inventors:

William Pennington, San Jose, CA (US);

Jeremiah Grossman, San Jose, CA (US);

Robert Stone, Mountain View, CA (US);

Siamak Pazirandeh, San Diego, CA (US);

Assignee:

Whitehat Security, Inc., Santa Clara, CA (US);

Attorneys:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
G06F 11/00 (2006.01);
U.S. Cl.
CPC ...
G06F 11/00 (2013.01);
Abstract

Vulnerability testing of a web application can be done using external testing, wherein an external test system runs with permissions of a user of the web application and interacts with the web application over a network. The external test system might obtain a schedule for a vulnerability test, execute the schedule using the external test system, log at least portions of responses of the web application to interactions of the external test system with the web application, and compare portions of the responses to expected possible responses associated with particular possible vulnerabilities of the web application, thereby detecting possible vulnerabilities of the web application. For at least one detected possible vulnerability, the external test system might generate a retest script that comprises at least instructions to place the web application in a state at least similar to the state at which the at least one detected possible vulnerability was detected during execution of the schedule and that comprises at least instructions to interact with the web application in an attempt to recreate the detection without requiring reexecution of the schedule.