Method of determining vulnerable functions in automated web application vulnerability scanning

FIELD: information technology.

SUBSTANCE: method of determining vulnerable functions in automated scanning of web applications for presence of vulnerabilities and non-declared capabilities comprises compiling a list of source texts of web applications intended for generating testing parameters, and setting source text parameters for testing; parsing the source texts using the given parameters and adding distinctive labels to the source text with indication of label-function pairs; performing automatic scanning and search for program errors in web applications and, in case of error, obtaining debugging data in the form of machine code, describing the currently executed module and containing the name of the corresponding label; determining, from said label, the corresponding label-function pair and obtaining the name of the vulnerable function, as well as the full name of the module containing the vulnerable function.

EFFECT: high number of potentially detected vulnerabilities of web applications, shorter time needed for manual analysis of program errors in order to determine criticality thereof.

3 cl

 

The field to which the invention relates is the identification of software errors and undeclared capabilities in web applications written in an interpreted language.

At present, testing applications for vulnerabilities and undeclared capabilities is a particularly acute problem. Errors in application code can lead to various consequences, from failure of the system on which the application runs to execution of malicious code that compromises the target system. The best way to limit the number of such errors is to test at the early stages of the system's life cycle.

A known method of determining vulnerable functions tests executable files by fuzzing [1], in which deliberately incorrect data is fed to the input of the system. If a system error occurs, for example a "race condition" (a programming error in a multitasking system in which the operation of the system depends on the order in which different processes running concurrently on the system are taken for processing [2]), the test is considered successful.

The known method of determining vulnerable functions makes it possible to detect software errors in executable files with compiled code.

However, the known method of determining vulnerable functions does not make it possible to identify the name of the vulnerable function or the module in which it is located. In addition, the known method cannot be used for non-compiled, interpreted code, for example web applications or JAVA applications.

The technical result consists in identifying vulnerable functions of interpreted code (determining the name of the executable module to which the vulnerable function belongs and determining the function name in the source code of a web application written in an interpreted language).

To achieve the technical result, the method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities performs the following operations in sequence: compile a list of source texts of web applications intended for generating test parameters; set the source text parameters for testing; parse the source texts of web applications written in interpreted languages, using the specified parameters; add identification labels to the source code of the web application, specifying label-function pairs; conduct automated testing and search for program errors in the web applications; when a program error occurs, obtain debugging information in object code form that describes the currently executing module and contains the name of the corresponding identification label; determine, from the name of the identification label found in the debugging information, the corresponding label-function pair and obtain the name of the vulnerable function, as well as the full name of the module that contains the vulnerable function.

In a preferred embodiment of the proposed method, a warning is additionally generated and issued to the user, containing the name of the vulnerable function and the full name of the module in which the vulnerable function is located. Such a warning can be issued to the user via the HTTP protocol. In addition, after the full name of the module that contains the vulnerable function has been obtained, a test report is generated that includes at least the scan time and the full name of the module that contains the vulnerable function.

The proposed method uses the technique of fuzzing to obtain information about the vulnerable function in which the tested web application failed, and about the module in which that function is located. It does so by inserting control labels into the source code of the application under test and then automatically analysing the location of the failure. This provides a positive technical result: exact determination of the vulnerable functions of interpreted code. As a result, the possibility of obtaining unauthorized access to the resources of an information system by exploiting vulnerabilities in web applications is prevented. The test object can be a local server, a remote server or a Java applet.

The process of automated vulnerability scanning is complicated; in general, however, it can be divided into the following phases: preparation of the source code of the web applications, testing of the executables by fuzzing, and analysis of the results.

The proposed method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities includes the following sequentially performed operations:

compile a list of source texts of web applications intended for generating test parameters (for example, various blocks of network protocols, which allow connection and data exchange between two or more devices on a network [3], or deliberately incorrect data);

set the source text parameters for testing (for example, the depth, exceptions when selecting functions, extended fields of file formats, and so on);

parse (parsing being the process of matching a linear sequence of tokens of a natural or formal language against its grammar) the source texts of web applications written in interpreted languages, using the specified parameters;

add identification labels to the source code of the web application, specifying label-function pairs (functions in the source code are associated with identification labels, which help locate the error and name the vulnerable function; for example, if the web application is written in JAVA, the source code must be compiled with a JAVA compiler into specially generated bytecode that the JAVA interpreter understands [4]);

conduct automated testing and search for program errors in the web applications (testing is carried out on a local web server and/or on a remote web server, which executes the program in accordance with the specified parameters);

when a program error occurs, obtain debugging information in object code form that describes the currently executing module and contains the name of the corresponding identification label;

determine, from the name of the identification label found in the debugging information, the corresponding label-function pair and obtain the name of the vulnerable function, as well as the full name of the module that contains the vulnerable function.
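The operations listed above, carried through on a small Python module. This is an added example, not code from the patent: the marker variable `_scan_label`, the `LBL_nnnn` label format, the constructed module `shop.pricing` and its functions are assumptions, and the Python traceback stands in for the debugging information the method describes.

```python
import ast
import time

LABEL_VAR = "_scan_label"  # hypothetical name of the injected marker variable

# Constructed sample of an application module (not taken from the patent).
SAMPLE_SOURCE = '''
def parse_quantity(raw):
    return int(raw)

def unit_price(total, raw_qty):
    qty = parse_quantity(raw_qty)
    return total / qty

def greet(name):
    return "hello " + str(name)
'''


def instrument(source, module_name):
    """Parse the source, add a label to every function, return (code, pairs)."""
    tree = ast.parse(source, filename=module_name)
    pairs = {}  # label -> (full module name, function name)
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            label = "LBL_%04d" % (len(pairs) + 1)
            pairs[label] = (module_name, node.name)
            marker = ast.Assign(
                targets=[ast.Name(id=LABEL_VAR, ctx=ast.Store())],
                value=ast.Constant(value=label),
            )
            # Keep a leading docstring first so it remains the docstring.
            first = node.body[0]
            has_doc = (isinstance(first, ast.Expr)
                       and isinstance(first.value, ast.Constant)
                       and isinstance(first.value.value, str))
            node.body.insert(1 if has_doc else 0, marker)
    ast.fix_missing_locations(tree)
    return compile(tree, module_name, "exec"), pairs


def label_from_traceback(tb):
    """Return the label carried by the innermost instrumented frame."""
    label = None
    while tb is not None:
        frame_locals = tb.tb_frame.f_locals
        if LABEL_VAR in frame_locals:
            label = frame_locals[LABEL_VAR]
        tb = tb.tb_next
    return label


def scan(source, module_name, targets, fuzz_values):
    """Fuzz each target function; return one report entry per program error."""
    code, pairs = instrument(source, module_name)
    namespace = {"__name__": module_name}
    exec(code, namespace)
    report = []
    for func_name, make_args in targets.items():
        for value in fuzz_values:
            try:
                namespace[func_name](*make_args(value))
            except Exception as exc:
                # Resolve the label found in the debug data to its pair.
                label = label_from_traceback(exc.__traceback__)
                module, function = pairs.get(label, (None, None))
                report.append({
                    "time": time.strftime("%Y-%m-%dT%H:%M:%S"),
                    "input": value,
                    "error": type(exc).__name__,
                    "label": label,
                    "function": function,
                    "module": module,
                })
    return report


def run_demo():
    # Entry points and how each fuzz value is turned into call arguments.
    targets = {"unit_price": lambda v: (100, v), "greet": lambda v: (v,)}
    return scan(SAMPLE_SOURCE, "shop.pricing", targets, ["3", "0", "abc", ""])


if __name__ == "__main__":
    for entry in run_demo():
        print(entry)
```

Only `unit_price` is called directly, yet the two invalid-literal failures are attributed to `parse_quantity`, because the label is read from the deepest instrumented frame rather than from the entry point.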

When a program error occurs, the proposed method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities allows a decision to be made to conduct further testing and/or alert the user.

In the latter case, a warning is generated and issued to the user, containing the name of the vulnerable function and the full name of the module in which the vulnerable function is located.

In one embodiment of the proposed method, the warning to the user is issued via the HTTP protocol.

In addition, in a preferred embodiment of the proposed method, after the full name of the module that contains the vulnerable function has been obtained, a test report is generated that includes at least the scan time and the full name of the module that contains the vulnerable function.

With the proposed method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities, the vulnerable functions of interpreted code are determined automatically and precisely at the moment a program error occurs during testing of the web application. This makes it possible to increase the number of potentially detectable vulnerabilities of web applications and to reduce the time required for manual analysis of program errors to determine their criticality, by reducing the time spent studying all of the source code in order to identify the vulnerable function.

Literature

1. Sutton, M., Greene, A., Amini, P. Fuzzing: Brute Force Vulnerability Discovery. Transl. from English. SPb.: Symbol-Plus, 2009.

2. The Internet University of Information Technology [Electronic resource]. Lecture: Synchronization algorithms. Access mode: http://www.intuit.ru/department/os/osintro/5/osintro_5.html, free (date of access: 11.03.2013).

3. Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools. 2nd ed. M.: Williams, 2008.

1. A method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities, consisting in the following: compile a list of source texts of web applications intended for generating test parameters; set the source text parameters for testing; parse the source texts of web applications written in interpreted languages, using the set parameters; add identification labels to the source code of the web application, specifying label-function pairs; conduct automated testing and search for program errors in the web applications; when a program error occurs, obtain debugging information in object code form that describes the currently executing module and contains the name of the corresponding identification label; determine, from the name of the identification label found in the debugging information, the corresponding label-function pair and obtain the name of the vulnerable function, as well as the full name of the module that contains the vulnerable function.

2. The method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities according to claim 1, characterized in that the warning to the user is issued via the HTTP protocol.

3. The method of determining vulnerable functions in automated testing of web applications for vulnerabilities and undeclared capabilities according to claim 1, characterized in that, after the full name of the module that contains the vulnerable function has been obtained, a test report is generated that includes at least the time of the test and the full name of the module that contains the vulnerable function.



 
