Patents by Inventor Philip Edward Hamer
Philip Edward Hamer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10572657
Abstract: Examples disclosed herein relate to detecting object creation when instrumenting an application for security purposes. The examples enable determining, by an instrumenter implemented by a physical processor that implements machine readable instructions, whether to instrument a function; responsive to determining that the function should be instrumented, determining, by the instrumenter, that a base class constructor is to be called by the function; before the base class constructor is called, pushing, by the instrumenter, object related information onto a local storage registry; analyzing, by the instrumenter, the local storage registry to determine whether an object associated with the function was created based on information in the local storage registry; and responsive to determining that the object was created, applying, by the instrumenter, a security rule to the function.
Type: Grant
Filed: October 27, 2016
Date of Patent: February 25, 2020
Assignee: Micro Focus LLC
Inventor: Philip Edward Hamer
-
Patent number: 10339207
Abstract: A functional fragment of a document object model (DOM) tree is identified based on detecting at least one handler associated with at least one corresponding element of the DOM tree. In response to determining that the identified functional fragment matches a previously processed functional fragment, the identified functional fragment is excluded from further processing.
Type: Grant
Filed: April 22, 2014
Date of Patent: July 2, 2019
Assignee: ENTIT SOFTWARE LLC
Inventors: Philip Edward Hamer, Shawn Morgan Simpson, Stephen Daniel Hardeman
-
Patent number: 10243679
Abstract: In some examples, a system receives a response from a web server, the response being responsive to a web request sent to the web server. The system executes a script in the response with a web browser, links a document object model (DOM) method to application code executed during the executing of the script, and determines a vulnerability based on the DOM method linked during the executing of the script.
Type: Grant
Filed: May 25, 2017
Date of Patent: March 26, 2019
Assignee: ENTIT SOFTWARE LLC
Inventors: Shawn Morgan Simpson, Philip Edward Hamer
-
Patent number: 9990500
Abstract: Disclosed herein are techniques for determining vulnerabilities in applications under testing. It is determined whether a first database instruction of an application enters information into a database and whether a second database instruction thereof obtains said information from the database. If the first database instruction enters the information in the database and the second database instruction obtains the information therefrom, it is determined whether the application is vulnerable to entry of malicious code via the database.
Type: Grant
Filed: July 25, 2012
Date of Patent: June 5, 2018
Assignee: ENTIT SOFTWARE LLC
Inventors: Sasi Siddharth Muthurajan, Prajakta Subhash Jagdale, Leonid Promyshlyansky Bensman, Iftach Ragoler, Philip Edward Hamer
-
Publication number: 20180121648
Abstract: Examples disclosed herein relate to detecting object creation when instrumenting an application for security purposes. The examples enable determining, by an instrumenter implemented by a physical processor that implements machine readable instructions, whether to instrument a function; responsive to determining that the function should be instrumented, determining, by the instrumenter, that a base class constructor is to be called by the function; before the base class constructor is called, pushing, by the instrumenter, object related information onto a local storage registry; analyzing, by the instrumenter, the local storage registry to determine whether an object associated with the function was created based on information in the local storage registry; and responsive to determining that the object was created, applying, by the instrumenter, a security rule to the function.
Type: Application
Filed: October 27, 2016
Publication date: May 3, 2018
Inventor: Philip Edward HAMER
-
Patent number: 9910992
Abstract: Example embodiments disclosed herein relate to present part of a web application with one or more user interface elements of the part highlighted based on updated rules. A web application is loaded in a browser layout engine. User actions are simulated on user interface elements of the web application to update the rules. The part of the web application is presented with one or more user interface elements highlighted.
Type: Grant
Filed: February 25, 2013
Date of Patent: March 6, 2018
Assignee: EntIT Software LLC
Inventors: Shawn Morgan Simpson, Kirill Mendelev, Philip Edward Hamer
-
Publication number: 20170264378
Abstract: In some examples, a system receives a response from a web server, the response being responsive to a web request sent to the web server. The system executes a script in the response with a web browser, links a document object model (DOM) method to application code executed during the executing of the script, and determines a vulnerability based on the DOM method linked during the executing of the script.
Type: Application
Filed: May 25, 2017
Publication date: September 14, 2017
Inventors: Shawn Morgan Simpson, Philip Edward Hamer
-
Patent number: 9736177
Abstract: A method of automated security testing includes recording a macro. The recorded macro is played and a web request is intercepted while playing the macro. The web request may be attacked and sent to a web server. A response from the web server based on the web request is received, and the response of the web server is processed to determine any vulnerabilities.
Type: Grant
Filed: January 21, 2016
Date of Patent: August 15, 2017
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Shawn Morgan Simpson, Philip Edward Hamer
-
Publication number: 20170220531
Abstract: A functional fragment of a document object model (DOM) tree is identified based on detecting at least one handler associated with at least one corresponding element of the DOM tree. In response to determining that the identified functional fragment matches a previously processed functional fragment, the identified functional fragment is excluded from further processing.
Type: Application
Filed: April 22, 2014
Publication date: August 3, 2017
Inventor: Philip Edward Hamer
-
Patent number: 9501650
Abstract: The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Type: Grant
Filed: September 4, 2015
Date of Patent: November 22, 2016
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors: Brian V. Chess, Iftach Ragoler, Philip Edward Hamer, Russell Andrew Spitler, Sean Patrick Fay, Prajakta Subbash Jagdale
-
Publication number: 20160142434
Abstract: A method of automated security testing includes recording a macro. The recorded macro is played and a web request is intercepted while playing the macro. The web request may be attacked and sent to a web server. A response from the web server based on the web request is received, and the response of the web server is processed to determine any vulnerabilities.
Type: Application
Filed: January 21, 2016
Publication date: May 19, 2016
Inventors: Shawn Morgan Simpson, Philip Edward Hamer
-
Patent number: 9276952
Abstract: A method of automated security testing includes recording a macro. The recorded macro is played and a web request is intercepted while playing the macro. The web request may be attacked and sent to a web server. A response from the web server based on the web request is received, and the response of the web server is processed to determine any vulnerabilities.
Type: Grant
Filed: May 31, 2011
Date of Patent: March 1, 2016
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Shawn Morgan Simpson, Philip Edward Hamer
-
Publication number: 20150379273
Abstract: The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Type: Application
Filed: September 4, 2015
Publication date: December 31, 2015
Inventors: Brian V. Chess, Iftach Ragoler, Philip Edward Hamer, Russell Andrew Spitler, Sean Patrick Fay, Prajakta Subbash Jagdale
-
Patent number: 9215247
Abstract: The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Type: Grant
Filed: May 31, 2011
Date of Patent: December 15, 2015
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Brian V. Chess, Iftach Ragoler, Philip Edward Hamer, Russell Andrew Spitler, Sean Patrick Fay, Prajakta Subbash Jagdate
-
Publication number: 20150356302
Abstract: Example embodiments disclosed herein relate to present part of a web application with one or more user interface elements of the part highlighted based on updated rules. A web application is loaded in a browser layout engine. User actions are simulated on user interface elements of the web application to update the rules. The part of the web application is presented with one or more user interface elements highlighted.
Type: Application
Filed: February 25, 2013
Publication date: December 10, 2015
Inventors: Shawn Morgan Simpson, Kirill Mendelev, Philip Edward Hamer
-
Publication number: 20150128281
Abstract: Disclosed herein are techniques for determining vulnerabilities in applications under testing. It is determined whether a first database instruction of an application enters information into a database and whether a second database instruction thereof obtains said information from the database. If the first database instruction enters the information in the database and the second database instruction obtains the information therefrom, it is determined whether the application is vulnerable to entry of malicious code via the database.
Type: Application
Filed: July 25, 2012
Publication date: May 7, 2015
Inventors: Sasi Siddharth Muthurajan, Prajakta Subhash Jagdale, Leonid Promyshlyansky Bensman, Iftach Ragoler, Philip Edward Hamer
-
Publication number: 20140082739
Abstract: The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Type: Application
Filed: May 31, 2011
Publication date: March 20, 2014
Inventors: Brian V. Chess, Iftach Ragoler, Philip Edward Hamer, Russell Andrew Spitler, Sean Patrick Fay, Prajakta Subbash Jagdate
-
Publication number: 20140075563
Abstract: A method of automated security testing includes recording a macro. The recorded macro is played and a web request is intercepted while playing the macro. The web request may be attacked and sent to a web server. A response from the web server based on the web request is received, and the response of the web server is processed to determine any vulnerabilities.
Type: Application
Filed: May 31, 2011
Publication date: March 13, 2014
Inventors: Shawn Morgan Simpson, Philip Edward Hamer