METHOD OF DETERMINING VULNERABLE FUNCTIONS IN AUTOMATED WEB APPLICATION VULNERABILITY SCANNING

Russian patent published in 2015 - IPC G06F17/27 G06F11/00

Abstract RU 2543960 C1

FIELD: information technology.

SUBSTANCE: method of determining vulnerable functions in automated scanning of web applications for presence of vulnerabilities and non-declared capabilities comprises compiling a list of source texts of web applications intended for generating testing parameters, and setting source text parameters for testing; parsing the source texts using the given parameters and adding distinctive labels to the source text with indication of label-function pairs; performing automatic scanning and search for program errors in web applications and, in case of error, obtaining debugging data in the form of machine code, describing the currently executed module and containing the name of the corresponding label; determining, from said label, the corresponding label-function pair and obtaining the name of the vulnerable function, as well as the full name of the module containing the vulnerable function.

EFFECT: high number of potentially detected vulnerabilities of web applications, shorter time needed for manual analysis of program errors in order to determine criticality thereof.

3 cl
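
The label-function mapping described in the abstract, sketched as an added example that is not taken from the patent. It assumes Python source, a hypothetical module name `shop/views.py`, a local variable `_scan_label` as the distinctive label, and the exception traceback standing in for the debugging data.

```python
import ast
import traceback
# Constructed sample source; module and handler names are hypothetical.
SAMPLE_SOURCE = '''
def parse_page(params):
    return int(params["page"])
def render_profile(params):
    return "<h1>%s</h1>" % params["name"].upper()
'''

def instrument(source, module_name):
    """Add a unique label to every function; return (namespace, label map)."""
    tree = ast.parse(source)
    label_map = {}  # label -> (full module name, function name)
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            label = "LBL_%04d" % (len(label_map) + 1)
            label_map[label] = (module_name, node.name)
            marker = ast.parse("_scan_label = %r" % label).body[0]
            node.body.insert(0, marker)  # label is set before any other code
    namespace = {}
    exec(compile(tree, module_name, "exec"), namespace)
    return namespace, label_map

def label_from_error(exc):
    """Return the label of the innermost instrumented frame in the traceback."""
    label = None
    for frame, _lineno in traceback.walk_tb(exc.__traceback__):
        label = frame.f_locals.get("_scan_label", label)
    return label

def scan(namespace, label_map, test_inputs):
    """Feed test parameters to each function; resolve errors via their label."""
    findings = []
    for _module, func in list(label_map.values()):
        for params in test_inputs:
            try:
                namespace[func](params)
            except Exception as exc:
                label = label_from_error(exc)
                module, name = label_map.get(label, (None, None))
                findings.append((label, module, name, type(exc).__name__))
    return findings

def run_demo():
    ns, labels = instrument(SAMPLE_SOURCE, "shop/views.py")
    inputs = [{"page": "1", "name": "bob"}, {"page": "x1", "name": "bob"},
              {"page": "2", "name": None}]  # constructed test parameters
    return scan(ns, labels, inputs)
```

Each finding carries the label, the module name and the function name, so an error seen during scanning points directly at the function to review.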

Similar patents RU2543960C1

Title | Year | Author | Number
METHOD AND SYSTEM FOR ELIMINATING VULNERABILITIES IN PROGRAM CODE | 2023 | Vyshegorodtsev Kirill Evgenevich; Kuzmin Aleksandr Mikhajlovich | RU2821220C1
METHOD AND SYSTEM FOR IDENTIFYING EXPLOITED VULNERABILITIES IN THE PROGRAM CODE | 2022 | Maksimova Anna Andreevna; Goncharenko Lejla Khalidovna; Bachevskij Artem Evgenevich; Gurtova Kristina Sergeevna; Umerenko Grigorij Sergeevich; Anistratenko Mikhail Arturovich | RU2790005C1
IDENTIFICATION OF SECURITY VULNERABILITIES IN APPLICATION PROGRAM INTERFACES | 2017 | Uilton, Shejn; Sedat, Benzhamin, D.; Irizarri, Endzhel; Borokhovskij, Majkl; Braun, Ejnsli, K. | RU2755675C2
SYSTEM AND METHOD FOR STATIC ANALYSIS OF EXECUTABLE BINARY CODE AND SOURCE CODE USING FUZZY LOGIC | 2021 | Chernov Daniil Vladimirovich | RU2783152C1
AUTOMATED SAFETY ASSESSMENT OF BUSINESS-CRITICAL COMPUTER SYSTEMS AND RESOURCES | 2011 | Nunez Di Srose Mariano | RU2657170C2
DEBUGGING NATIVE CODE BY TRANSITIONING FROM EXECUTION IN NATIVE MODE TO EXECUTION IN INTERPRETED MODE | 2014 | Koltachev, Mikhail; Khandelval, Nikkhil; Gandi, Akrosh | RU2668973C2
SYSTEM AND METHOD OF DETECTING VULNERABILITIES USING INTERCEPTION OF FUNCTION CALLS | 2018 | Kalinin Aleksandr Valentinovich; Rumyantsev Sergej Aleksandrovich; Kumagin Igor Yurevich | RU2697948C1
METHOD AND SYSTEM FOR AUTOMATED DOCUMENTATION OF SECURITY THREATS AND VULNERABILITIES RELATED TO AN INFORMATION RESOURCE | 2022 | Lebedev Sergej Vyacheslavovich; Savin Mikhail Valerevich | RU2789990C1
METHOD OF DETERMINING POTENTIAL THREATS TO INFORMATION SECURITY BASED ON INFORMATION ON VULNERABILITIES OF SOFTWARE | 2019 | Mamuta Vladimir Vladimirovich; Solovev Sergej Veniaminovich | RU2705460C1
AUTOMATIC DETECTION AND RESPONSE TO VULNERABILITIES | 2007 | Rodzhers Dzhastin; Lorens Ehrik M.; Bridzh Genri F. | RU2462754C2

RU 2 543 960 C1

Authors

Borodakij Jurij Vladimirovich

Nashchekin Pavel Aleksandrovich

Bukarov Jan Nikolaevich

Dates

2015-03-10 Published

2013-08-29 Filed