18609977. DETECTING WEB APPLICATION VULNERABILITIES simplified abstract (SAP SE)


DETECTING WEB APPLICATION VULNERABILITIES

Organization Name

SAP SE

Inventor(s)

Lucas Compagna of La Roquette Sur Siagne (FR)

Alessandro Pezze of Calliano (IT)

DETECTING WEB APPLICATION VULNERABILITIES - A simplified explanation of the abstract

This abstract first appeared for US patent application 18609977 titled 'DETECTING WEB APPLICATION VULNERABILITIES'.

The abstract describes systems and methods for detecting vulnerabilities in a web application by sending test messages and analyzing responses.

  • Simplified Explanation: The patent application discusses a method for identifying weaknesses in a web application by sending test messages and analyzing the responses.
  • Key Features and Innovation:

- Testing utility sends multiple request messages to a web application.
- Identifies state-changing requests and generates tampered requests.
- Detects vulnerabilities based on responses to tampered requests.

  • Potential Applications:

- Cybersecurity companies can use this technology to assess the security of web applications.
- Web developers can utilize this method to identify and fix vulnerabilities in their applications.

  • Problems Solved:

- Helps in proactively identifying and addressing security vulnerabilities in web applications.
- Enhances the overall security posture of web-based systems.

  • Benefits:

- Improves the resilience of web applications against potential cyber threats.
- Enables developers to create more secure and robust web applications.

  • Commercial Applications:

- Title: "Web Application Security Assessment Tool"
- This technology can be marketed to cybersecurity firms, web development companies, and organizations looking to enhance their online security.

  • Prior Art:

- Researchers in the field of cybersecurity and web application testing may have explored similar methods for vulnerability detection.

  • Frequently Updated Research:

- Stay updated on the latest advancements in web application security testing and vulnerability detection techniques to ensure the effectiveness of this technology.

Questions about Web Application Vulnerability Detection:

1. How does this method compare to traditional vulnerability scanning tools?
- This method goes beyond scanning for known vulnerabilities by actively testing for potential weaknesses through tampered requests.

2. What are the key considerations for implementing this technology in a production environment?
- Factors such as scalability, performance impact, and integration with existing security measures need to be carefully evaluated before deploying this technology.


Original Abstract Submitted

Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application. The testing utility may determine that the first request message indicates a vulnerability of the web application, the determining based at least in part on the first tampered request message and a first traffic-tampered response message generated by the web application in response to the first tampered request message.
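
The flow in the abstract, as an added example that is not code from the patent application or from SAP: a testing utility replays requests against an in-process mock application, picks out the state-changing ones from the request and its response, and flags those whose tampered copy is still accepted. The mock application, the `token` parameter, the tampering rule (dropping that parameter) and the acceptance check (same status code) are assumptions; the abstract does not specify them.

```python
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

@dataclass(frozen=True)
class Request:
    method: str
    path: str
    params: dict = field(default_factory=dict)

class MockApp:
    """Constructed stand-in for the web application under test."""
    TOKEN = "t-123"  # constructed per-session value the app is supposed to verify
    def __init__(self):
        self.state = {"/email": "old@example.test", "/nickname": "old"}
    def handle(self, req):
        if req.method == "GET":
            return 200, dict(self.state)
        if req.path == "/email" and req.params.get("token") != self.TOKEN:
            return 403, {"error": "bad token"}   # this handler validates the token
        if req.path in ("/email", "/nickname"):  # /nickname never checks the token
            self.state[req.path] = req.params["value"]
            return 200, {"changed": req.path}
        return 404, {}

def is_state_changing(req, resp):
    # Assumed heuristic: uses the request (unsafe method) and the response (accepted).
    status, _body = resp
    return req.method not in SAFE_METHODS and 200 <= status < 400

def tamper(req, field_name="token"):
    # Assumed tampering rule: resend the request without the named parameter.
    params = {k: v for k, v in req.params.items() if k != field_name}
    return Request(req.method, req.path, params)

def scan(app, requests):
    """Return paths whose tampered request got the same status as the original."""
    findings = []
    for req in requests:
        resp = app.handle(req)
        if is_state_changing(req, resp) and app.handle(tamper(req))[0] == resp[0]:
            findings.append(req.path)
    return findings

def demo():
    traffic = [Request("GET", "/profile"),  # constructed sample traffic
               Request("POST", "/email", {"value": "a@example.test", "token": MockApp.TOKEN}),
               Request("POST", "/nickname", {"value": "new", "token": MockApp.TOKEN})]
    return scan(MockApp(), traffic)
```

Run only against a disposable test instance: the replayed and tampered requests do change application state.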