Abstract: A system and method are presented for authorizing execution of requested actions transmitted between clients and servers of a data processing system. The method includes receiving a message including a set of actions and simulating execution of the set of actions. A list representing allowable actions and user-definable inputs to the simulated actions is defined. The list of allowable actions and user-definable inputs to the allowable action is then compared to user-requested actions and inputs. When elements within the user-requested actions and inputs are included in the allowable actions and input list, the user-requested actions and inputs are authorized for execution.
Type: Application
Filed: October 17, 2007
Publication date: March 13, 2008
Applicant: WATCHFIRE CORPORATION
Inventors: Tal MORAN, Yuval EL-HANANI, Gil RAANAN, Eran RESHEF
Abstract: A system and method are presented for authorizing execution of requested actions transmitted between clients and servers of a data processing system. The method includes receiving a message including a set of actions and simulating execution of the set of actions. A list representing allowable actions and user-definable inputs to the simulated actions is defined. The list of allowable actions and user-definable inputs to the allowable action is then compared to user-requested actions and inputs. When elements within the user-requested actions and inputs are included in the allowable actions and input list, the user-requested actions and inputs are authorized for execution.
Type: Grant
Filed: October 25, 2000
Date of Patent: November 6, 2007
Assignee: Watchfire Corporation
Inventors: Tal Moran, Yuval El-Hanani, Gil Raanan, Eran Reshef
Abstract: A method for detecting security vulnerabilities in a web application includes analyzing the client requests and server responses resulting therefrom in order to discover pre-defined elements of the application's interface with external clients and the attributes of these elements. The client requests are then mutated based on a pre-defined set of mutation rules to thereby generate exploits unique to the application. The web application is attacked using the exploits and the results of the attack are evaluated for anomalous application activity.
Type: Grant
Filed: March 20, 2003
Date of Patent: June 26, 2007
Assignee: Watchfire Corporation
Inventors: Eran Reshef, Yuval El-Hanany, Gil Raanan, Tom Tsarfati
Abstract: A web crawler system has an automatic website crawler and a virtual browser that provides script related information to the website crawler. The virtual browser transforms an HTML document included in a web page of the website into an XML document, and builds a document object model containing document objects in a tree structure based on the XML document. The virtual browser extracts from the DOM scripts that are potentially executable, and executes the extracted scripts using a browser object model provided for the virtual browser containing objects and methods and properties that are used for script execution so as to capture script related information generated by execution of the scripts.
Type: Application
Filed: March 3, 2006
Publication date: August 24, 2006
Applicant: Watchfire Corporation
Inventors: Craig Conboy, Darcy Chorneyko, Derek McDougall, Constantine Grancharov, Andrew Rolleston, Duncan Smith
Abstract: The invention relates generally to computers and communications, and more specifically, to a method and system for analyzing Web sites and similar data structures. Tools exist for analyzing Web sites and locating problems, or simply collecting data, but the existing tools are very limited in what they can do, generally restricting the User to a selection of predetermined “tick-box” options. The invention provides an environment in which flexible and sophisticated search parameters may be defined by the User via regular expressions and a standard language specification. This allows the User to tailor his searches to match his specific Web site policy. The “extensible scan rules” of the invention also allow logic tests and analysis to be implemented, so that the search results are far more useful and relevant to the User.
Type: Application
Filed: April 26, 2005
Publication date: November 24, 2005
Applicant: Watchfire Corporation
Inventors: Craig Conboy, Andrew Rolleston, Derek McDougall