Detection of second order vulnerabilities in web services

Invention Grant

US10579802B2 Detection of second order vulnerabilities in web services 有权

Please log in to see more content

Patent Title: Detection of second order vulnerabilities in web services
Application No.: US13430002

Application Date: 2012-03-26
Publication No.: US10579802B2

Publication Date: 2020-03-03
Inventor: Yair Amit , Evgeny Beskrovny , Omer Tripp
Applicant: Yair Amit , Evgeny Beskrovny , Omer Tripp
Applicant Address: US NY Armonk
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Current Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Current Assignee Address: US NY Armonk
Agency: Cuenot, Forsythe & Kim, LLC
Main IPC: H04L29/06
IPC: H04L29/06 ; G06F21/57 ; H04L29/08 ; G06F9/30 ; G07B17/00 ; H04W12/00

Detection of second order vulnerabilities in web services

Abstract:

A method of detecting a vulnerability in a Web service can include determining, using a processor, whether a Web service uses identity of a requester to select one of a plurality of different paths of a branch in program code of the Web service. The method further can include, responsive to determining that the Web service does select one of a plurality of different paths of a branch according to identity of the requester, indicating that the Web service has a potential vulnerability.

Public/Granted literature

US20130167239A1 DETECTION OF SECOND ORDER VULNERABILITIES IN WEB SERVICES Public/Granted day:2013-06-27

Information query

Espacenet