BR112013030816A2 - System for automated security testing, method for automated security testing and non-transitory computer-readable medium - Google Patents

System for automated security testing, method for automated security testing and non-transitory computer-readable medium

Info

Publication number
BR112013030816A2
Authority
BR
Brazil
Prior art keywords
security testing
automated security
computer readable
readable non
transient media
Prior art date
Application number
BR112013030816A
Other languages
English (en)
Inventor
Philip Edward Hamer
Shawn Morgan Simpson
Original Assignee
Hewlett Packard Development Company L P
Priority date
Filing date
Publication date
Application filed by Hewlett Packard Development Company L P
Publication of BR112013030816A2

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B17/00 Monitoring; Testing
    • H04B17/10 Monitoring; Testing of transmitters
    • H04B17/15 Performance testing
    • H04B17/17 Detection of non-compliance or faulty performance, e.g. response deviations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B17/00 Monitoring; Testing
    • H04B17/10 Monitoring; Testing of transmitters
    • H04B17/101 Monitoring; Testing of transmitters for measurement of specific parameters of the transmitter or components thereof
    • H04B17/102 Power radiated at antenna
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B17/00 Monitoring; Testing
    • H04B17/30 Monitoring; Testing of propagation channels
    • H04B17/309 Measuring or estimating channel quality parameters
    • H04B17/318 Received signal strength
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/04 Arrangements for maintaining operational condition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Quality & Reliability (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
  • Debugging And Monitoring (AREA)
BR112013030816A 2011-05-31 2011-05-31 System for automated security testing, method for automated security testing and non-transitory computer-readable medium BR112013030816A2 (pt)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2011/038550 WO2012166113A1 (en) 2011-05-31 2011-05-31 Automated security testing

Publications (1)

Publication Number Publication Date
BR112013030816A2 (pt) 2016-12-06

Family

ID=47259659

Family Applications (1)

Application Number Title Priority Date Filing Date
BR112013030816A BR112013030816A2 (pt) 2011-05-31 2011-05-31 System for automated security testing, method for automated security testing and non-transitory computer-readable medium

Country Status (7)

Country Link
US (3) US9276952B2 (pt)
EP (1) EP2715600B1 (pt)
JP (1) JP2014519119A (pt)
KR (2) KR101827232B1 (pt)
CN (1) CN103562927B (pt)
BR (1) BR112013030816A2 (pt)
WO (1) WO2012166113A1 (pt)

Families Citing this family (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101827232B1 (ko) * 2011-05-31 2018-02-07 휴렛 팩커드 엔터프라이즈 디벨롭먼트 엘피 Automated security testing
US8683596B2 (en) * 2011-10-28 2014-03-25 International Business Machines Corporation Detection of DOM-based cross-site scripting vulnerabilities
GB201205117D0 (en) * 2012-03-23 2012-05-09 Saasid Ltd Dynamic rendering of a document object model
US10152552B2 (en) * 2013-01-29 2018-12-11 Entit Software Llc Analyzing a structure of a web application to produce actionable tokens
CN104956375B (zh) * 2013-02-25 2018-04-03 慧与发展有限责任合伙企业 Presenting user interface elements based on rules
US9979726B2 (en) * 2013-07-04 2018-05-22 Jscrambler S.A. System and method for web application security
GB2516050A (en) * 2013-07-09 2015-01-14 Ibm A Network Security System
JP6167033B2 (ja) * 2013-12-13 2017-07-19 Kddi株式会社 Application analysis device, application analysis method, and program
US9699142B1 (en) * 2014-05-07 2017-07-04 Amazon Technologies, Inc. Cross-site scripting defense using document object model template
CN105579976B (zh) * 2014-09-03 2018-07-20 华为技术有限公司 Web page automated testing method and apparatus
US9571465B1 (en) 2014-09-18 2017-02-14 Amazon Technologies, Inc. Security verification by message interception and modification
US9407656B1 (en) 2015-01-09 2016-08-02 International Business Machines Corporation Determining a risk level for server health check processing
US9665697B2 (en) 2015-03-17 2017-05-30 International Business Machines Corporation Selectively blocking content on electronic displays
CN106154959A (zh) * 2015-04-02 2016-11-23 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) A method for testing the information security of PLCs in an explosives production system
US10135862B1 (en) * 2015-12-04 2018-11-20 Amazon Technologies, Inc. Testing security incident response through automated injection of known indicators of compromise
US9727738B1 (en) * 2016-06-08 2017-08-08 Synack, Inc. Patch validation via replay and remediation verification
CN106126417A (zh) * 2016-06-17 2016-11-16 深圳开源互联网安全技术有限公司 Interactive application security testing method and system thereof
US10970465B2 (en) 2016-08-24 2021-04-06 Micro Focus Llc Web page manipulation
CN107784229A (zh) * 2016-08-26 2018-03-09 安提特软件有限责任公司 JavaScript security testing
CN107798051A (zh) 2016-08-31 2018-03-13 安提特软件有限责任公司 Document object model transaction crawler
US10614221B2 (en) 2016-11-16 2020-04-07 International Business Machines Corporation Method and apparatus for security testing of application flows that cannot be automated through HTTP replay
CN106789938B (zh) * 2016-11-30 2020-04-21 四川秘无痕科技有限责任公司 A method for real-time monitoring of mobile browser search traces
US10257220B2 (en) 2017-01-30 2019-04-09 Xm Cyber Ltd. Verifying success of compromising a network node during penetration testing of a networked system
US10637882B2 (en) * 2017-01-30 2020-04-28 Xm Cyber Ltd. Penetration testing of a networked system
US10999308B2 (en) 2017-01-30 2021-05-04 Xm Cyber Ltd. Setting-up penetration testing campaigns
US10367846B2 (en) 2017-11-15 2019-07-30 Xm Cyber Ltd. Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign
US10686822B2 (en) 2017-01-30 2020-06-16 Xm Cyber Ltd. Systems and methods for selecting a lateral movement strategy for a penetration testing campaign
US10068095B1 (en) 2017-05-15 2018-09-04 XM Cyber Ltd Systems and methods for selecting a termination rule for a penetration testing campaign
CN107016282B (zh) * 2017-02-06 2020-01-31 阿里巴巴集团控股有限公司 An information processing method and apparatus
US10581802B2 (en) 2017-03-16 2020-03-03 Keysight Technologies Singapore (Sales) Pte. Ltd. Methods, systems, and computer readable media for advertising network security capabilities
CN108809890B (zh) * 2017-04-26 2021-05-25 腾讯科技(深圳)有限公司 Vulnerability detection method, test server and client
US10534917B2 (en) 2017-06-20 2020-01-14 Xm Cyber Ltd. Testing for risk of macro vulnerability
US10574684B2 (en) 2017-07-09 2020-02-25 Xm Cyber Ltd. Locally detecting phishing weakness
US10412112B2 (en) 2017-08-31 2019-09-10 Xm Cyber Ltd. Time-tagged pre-defined scenarios for penetration testing
US10447721B2 (en) 2017-09-13 2019-10-15 Xm Cyber Ltd. Systems and methods for using multiple lateral movement strategies in penetration testing
US10440044B1 (en) 2018-04-08 2019-10-08 Xm Cyber Ltd. Identifying communicating network nodes in the same local network
US10965708B2 (en) * 2018-06-06 2021-03-30 Whitehat Security, Inc. Systems and methods for machine learning based application security testing
US10382473B1 (en) 2018-09-12 2019-08-13 Xm Cyber Ltd. Systems and methods for determining optimal remediation recommendations in penetration testing
WO2020089698A1 (en) 2018-11-04 2020-05-07 Xm Cyber Ltd. Using information about exportable data in penetration testing
WO2020121078A1 (en) 2018-12-13 2020-06-18 Xm Cyber Ltd. Systems and methods for dynamic removal of agents from nodes of penetration testing systems
US10853218B1 (en) * 2018-12-17 2020-12-01 Shutterstock, Inc. Recording and playback of a web browser session
WO2020161532A1 (en) 2019-02-06 2020-08-13 Xm Cyber Ltd. Taking privilege escalation into account in penetration testing campaigns
US11283827B2 (en) 2019-02-28 2022-03-22 Xm Cyber Ltd. Lateral movement strategy during penetration testing of a networked system
US11206281B2 (en) 2019-05-08 2021-12-21 Xm Cyber Ltd. Validating the use of user credentials in a penetration testing campaign
US11568054B2 (en) 2019-06-11 2023-01-31 Micro Focus Llc Web application login macro generation and verification
US10637883B1 (en) 2019-07-04 2020-04-28 Xm Cyber Ltd. Systems and methods for determining optimal remediation recommendations in penetration testing
US11663339B2 (en) * 2019-07-31 2023-05-30 International Business Machines Corporation Security testing based on user request
US10880326B1 (en) 2019-08-01 2020-12-29 Xm Cyber Ltd. Systems and methods for determining an opportunity for node poisoning in a penetration testing campaign, based on actual network traffic
US11533329B2 (en) 2019-09-27 2022-12-20 Keysight Technologies, Inc. Methods, systems and computer readable media for threat simulation and threat mitigation recommendations
CN110928772B (zh) * 2019-11-05 2022-03-08 深圳前海微众银行股份有限公司 A testing method and apparatus
US11005878B1 (en) 2019-11-07 2021-05-11 Xm Cyber Ltd. Cooperation between reconnaissance agents in penetration testing campaigns
CN110881043B (zh) * 2019-11-29 2022-07-01 杭州迪普科技股份有限公司 A method and apparatus for detecting web server vulnerabilities
US11575700B2 (en) 2020-01-27 2023-02-07 Xm Cyber Ltd. Systems and methods for displaying an attack vector available to an attacker of a networked system
US11582256B2 (en) 2020-04-06 2023-02-14 Xm Cyber Ltd. Determining multiple ways for compromising a network node in a penetration testing campaign
US12074896B2 (en) * 2020-04-17 2024-08-27 Cerner Innovation, Inc. Systems, methods, and storage media for conducting security penetration testing
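CN111935149B (zh) * 2020-08-11 2023-04-07 北京天融信网络安全技术有限公司 A vulnerability detection method and system
CN113704760B (zh) * 2021-08-31 2024-05-24 深信服科技股份有限公司 A page detection method and related apparatus
CN114143047A (zh) * 2021-11-17 2022-03-04 湖北天融信网络安全技术有限公司 Vulnerability detection method, apparatus, terminal device, Web server and storage medium
CN114579433A (zh) * 2022-02-15 2022-06-03 北京达佳互联信息技术有限公司 Page parameter verification method, apparatus, electronic device, medium and program product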

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7073198B1 (en) 1999-08-26 2006-07-04 Ncircle Network Security, Inc. Method and system for detecting a vulnerability in a network
US7181769B1 (en) * 2000-08-25 2007-02-20 Ncircle Network Security, Inc. Network security system having a device profiler communicatively coupled to a traffic monitor
US6996845B1 (en) * 2000-11-28 2006-02-07 S.P.I. Dynamics Incorporated Internet security analysis system and process
US20030120719A1 (en) * 2001-08-28 2003-06-26 Yepishin Dmitriy V. System, method and computer program product for a user agent for pattern replay
US7243148B2 (en) 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7152105B2 (en) * 2002-01-15 2006-12-19 Mcafee, Inc. System and method for network vulnerability detection and reporting
JP2005266954A (ja) * 2004-03-16 2005-09-29 Hitachi Software Eng Co Ltd Operation information recording and playback device
US20060070075A1 (en) * 2004-09-03 2006-03-30 Sergei Rodionov Server-recorded macros and web application automation
US7831995B2 (en) 2004-10-29 2010-11-09 CORE, SDI, Inc. Establishing and enforcing security and privacy policies in web-based applications
EP1917617A2 (en) * 2005-08-12 2008-05-07 Nxp B.V. Software application security method and system
US7467333B2 (en) 2005-09-01 2008-12-16 Hewlett-Packard Development Company, L.P. System and method for interposition-based selective simulation of faults for access requests to a data storage system
US8499353B2 (en) 2007-02-16 2013-07-30 Veracode, Inc. Assessment and analysis of software security flaws
CA2679967C (en) 2007-03-06 2017-07-25 Core Sdi Incorporated System and method for providing application penetration testing
US8181246B2 (en) 2007-06-20 2012-05-15 Imperva, Inc. System and method for preventing web frauds committed using client-scripting attacks
US8099787B2 (en) * 2007-08-15 2012-01-17 Bank Of America Corporation Knowledge-based and collaborative system for security assessment of web applications
US8601586B1 (en) * 2008-03-24 2013-12-03 Google Inc. Method and system for detecting web application vulnerabilities
JP5463717B2 (ja) * 2009-04-16 2014-04-09 富士通株式会社 Application test generation program, application test generation method, and application test device
CN101964025B (zh) * 2009-07-23 2016-02-03 北京神州绿盟信息安全科技股份有限公司 XSS detection method and device
CA2773461C (en) 2009-09-08 2016-10-04 Core Sdi Incorporated System and method for probabilistic attack planning
KR101827232B1 (ko) * 2011-05-31 2018-02-07 휴렛 팩커드 엔터프라이즈 디벨롭먼트 엘피 Automated security testing
US8683596B2 (en) * 2011-10-28 2014-03-25 International Business Machines Corporation Detection of DOM-based cross-site scripting vulnerabilities
US8752183B1 (en) * 2012-07-10 2014-06-10 Hoyt Technologies, Inc. Systems and methods for client-side vulnerability scanning and detection

Also Published As

Publication number Publication date
JP2014519119A (ja) 2014-08-07
EP2715600A4 (en) 2015-01-14
KR101827232B1 (ko) 2018-02-07
KR20140026544A (ko) 2014-03-05
US9736177B2 (en) 2017-08-15
US9276952B2 (en) 2016-03-01
KR101745052B1 (ko) 2017-06-08
US20160142434A1 (en) 2016-05-19
WO2012166113A1 (en) 2012-12-06
US20170264378A1 (en) 2017-09-14
KR20170060615A (ko) 2017-06-01
EP2715600A1 (en) 2014-04-09
US10243679B2 (en) 2019-03-26
CN103562927A (zh) 2014-02-05
CN103562927B (zh) 2016-06-01
EP2715600B1 (en) 2018-08-29
US20140075563A1 (en) 2014-03-13

Similar Documents

Publication Publication Date Title
BR112013030816A2 (pt) System for automated security testing, method for automated security testing and non-transitory computer-readable medium
BR112013022995A8 (pt) Method and system for cell analysis and detection
BR112014030585A2 (pt) Information processing system, method executed by an information processing system, and non-transitory computer-readable medium
BR112014007447A2 (pt) Information processing system and method, and computer-readable medium
BR112015004354A2 (pt) Method and system for estimating reagent quality
BR112015011598A2 (pt) Apparatus, method, and one or more non-transitory computer-readable storage media
BR112015011601A2 (pt) Apparatus, method, and one or more non-transitory computer-readable storage media
BR112014006757A2 (pt) Information processing system, information processing method, and medium
BR112014028616A2 (pt) Detection method, device and test system
BR112014028165A2 (pt) Method for identifying and differentiating background traffic
BR112013015584A2 (pt) Information processing system, information processing system, and computer-readable medium
BR112013023678A2 (pt) System and method for identifying groups of RFID tags
BR112013007530A2 (pt) Method, device and system for reporting additional measurement results
BR112015001228A2 (pt) Computer-implemented methods for processing and reporting test results of a medical device, computer-readable storage medium, and system for reporting medical test results
BR112013023535A2 (pt) Method, apparatus and system for vibration detection
CO6840292A1 (es) System and method for carrying out financial transactions
BR112014001992A2 (pt) Method, system, and one or more computer-readable storage media
BR112014006765A2 (pt) Computer-implemented method, apparatus and non-transitory computer-readable medium
BR112014028856A2 (pt) Methods and systems for pressure testing components of a hydrocarbon well system
BR112014016107A8 (pt) Method for context detection, computing device and machine-readable medium
BR112014016042A8 (pt) Method, one or more computer-readable storage media, and system
BR112013015357A2 (pt) Method and system for providing media recommendations
BR112013019097A2 (pt) Method, computer system and non-transitory computer-readable medium storing a program
BR112015002983A2 (pt) System and method for analyzing an oil/gas separation process
BR112014029104A2 (pt) Information processing system, method executed by an information processing system, and non-transitory computer-readable medium

Legal Events

Date Code Title Description
B25L Entry of change of name and/or headquarter and transfer of application, patent and certificate of addition of invention: publication cancelled

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT, L.P. (US)

B25A Requested transfer of rights approved

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT, L.P. (US)

B25D Requested change of name of applicant approved

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP (US)

B25L Entry of change of name and/or headquarter and transfer of application, patent and certificate of addition of invention: publication cancelled

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP (US)

B06F Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]
B06U Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]
B11B Dismissal acc. art. 36, par 1 of ipl - no reply within 90 days to fulfil the necessary requirements