专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09742791B2 Site independent methods for deriving contextually tailored security vulnerability corrections for hardening solution stacks 有权
公开(公告)号：US09742791B2
公开(公告)日：2017-08-22
申请号：US14485645
申请日：2014-09-12
申请人： Tinfoil Security, Inc.
发明人： Michael Borohovski , Ainsley K. Braun , Angel Irizarry , Benjamin D. Sedat
IPC分类号： H04L29/06 , G06F17/22 , G06F21/57
CPC分类号： H04L63/1433 , G06F17/2247 , G06F21/577 , G06F2221/033 , G06F2221/034
摘要： In auditing a target Web site for security exposures, site specific remediation reports are generated to provide instructional data tailored to components of the Web server solution stack as determined by the auditing computer system. Stack and component identification is performed in a site independent manner based on an analysis of Web page data retrieved by the auditing computer system. Informational aspects of the received data are recognized, enabling further identification of component implementation aspects. Based on the informational and implementation aspects, site, solution stack, and component specific security audit tests are executed against the target Web site. Audit identified security exposures are recorded in correspondence with site, solution stack, and component implementation specific remediation instruction data.

2. 发明授权

US10362050B2 System and methods for scalably identifying and characterizing structural differences between document object models 有权
公开(公告)号：US10362050B2
公开(公告)日：2019-07-23
申请号：US15603391
申请日：2017-05-23
申请人： Tinfoil Security, Inc.
发明人： Michael Borohovski , Ainsley K Braun , Benjamin Sedat , Angel Irizarry
IPC分类号： H04L29/06 , G06F21/57 , G06F16/951 , G06F16/22 , H04L29/08
摘要： A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.

3. 发明授权

US09305169B2 System and methods for scalably identifying and characterizing structural differences between document object models 有权
标题翻译：用于可扩展地识别和表征文档对象模型之间的结构差异的系统和方法
公开(公告)号：US09305169B2
公开(公告)日：2016-04-05
申请号：US14105038
申请日：2013-12-12
申请人： Michael Borohovski , Ainsley K. Braun , Angel Irizarry , Benjamin D. Sedat
发明人： Michael Borohovski , Ainsley K. Braun , Angel Irizarry , Benjamin D. Sedat
IPC分类号： G06F21/57
CPC分类号： H04L63/1433 , G06F17/3033 , G06F17/30864 , G06F21/577 , H04L67/02
摘要： A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.
摘要翻译：安全审计计算机系统有效地评估并报告驻留在远程Web服务器系统上的目标网站中的安全风险。审计系统包括构建表示目标网站的网页标识符的第一列表的履历系统。审计子系统基于第一列，基于第二列表选择性地检索和审核网页。检索被子选择取决于网页标识符相对于第二列表的确定的唯一性。进一步子选择审核，这取决于为每个检索到的网页计算的结构标识符的确定唯一性，包括网页中包含的网页组件的结构标识符。计算的结构标识符与第二列表中的网页标识符和网页组件标识符相对应地存储。报告系统生成通过审核网页和网页组件确定的安全风险报告。

4. 发明授权

US10362051B2 Site independent methods for deriving contextually tailored security vulnerability corrections for hardening solution stacks 有权
公开(公告)号：US10362051B2
公开(公告)日：2019-07-23
申请号：US15682432
申请日：2017-08-21
申请人： Tinfoil Security, Inc.
发明人： Michael Borohovski , Ainsley K. Braun , Angel Irizarry , Benjamin D. Sedat
IPC分类号： H04L29/06 , G06F17/22 , G06F21/57
摘要： In auditing a target Web site for security exposures, site specific remediation reports are generated to provide instructional data tailored to components of the Web server solution stack as determined by the auditing computer system. Stack and component identification is performed in a site independent manner based on an analysis of Web page data retrieved by the auditing computer system. Informational aspects of the received data are recognized individually and by various patterns evident in the received data, enabling further identification of component implementation aspects, such as revision levels. Based on the informational and implementation aspects, site, solution stack, and component specific security audit tests are executed against the target Web site. Audit identified security exposures are recorded in correspondence with site, solution stack, and component implementation specific remediation instruction data. This audit data is then available for reporting.

5. 发明授权

US09680856B2 System and methods for scalably identifying and characterizing structural differences between document object models 有权
公开(公告)号：US09680856B2
公开(公告)日：2017-06-13
申请号：US14993014
申请日：2016-01-11
申请人： Tinfoil Security, Inc.
发明人： Michael Borohovski , Ainsley K Braun , Benjamin Sedat , Angel Irizarry
IPC分类号： H04L29/06 , G06F21/57 , G06F17/30 , H04L29/08
CPC分类号： H04L63/1433 , G06F17/3033 , G06F17/30864 , G06F21/577 , H04L67/02
摘要： A security auditing computer system efficiently evaluates and reports security exposures in a target Web site hosted on a remote Web server system. The auditing system includes a crawler subsystem that constructs a first list of Web page identifiers representing the target Web site. An auditing subsystem selectively retrieves and audits Web pages based on a second list, based on the first. Retrieval is sub-selected dependent on a determined uniqueness of Web page identifiers relative to the second list. Auditing is further sub-selected dependent on a determined uniqueness of structural identifiers computed for each retrieved Web page, including structural identifiers of Web page components contained within a Web page. The computed structural identifiers are stored in correspondence with Web page identifiers and Web page component identifiers in the second list. A reporting system produces reports of security exposures identified through the auditing of Web pages and Web page components.

6. 发明授权

US09369482B2 Site independent system for deriving contextually tailored security vulnerability corrections for hardening solution stacks 有权
标题翻译：用于导出针对硬化解决方案堆栈的内容定制安全漏洞修正的现场独立系统
公开(公告)号：US09369482B2
公开(公告)日：2016-06-14
申请号：US14485643
申请日：2014-09-12
申请人： Michael Borohovski , Ainsley K. Braun , Angel Irizarry , Benjamin D. Sedat
发明人： Michael Borohovski , Ainsley K. Braun , Angel Irizarry , Benjamin D. Sedat
IPC分类号： H04L29/06 , G06F21/57
CPC分类号： H04L63/1433 , G06F21/577 , H04L63/1408 , H04L63/1416 , H04L63/20
摘要： In auditing a target Web site for security exposures, site specific remediation reports are generated to provide instructional data tailored to components of the Web server solution stack as determined by the auditing computer system. Stack and component identification is performed in a site independent manner based on an analysis of Web page data retrieved by the auditing computer system. Informational aspects of the received data are recognized individually and by various patterns evident in the received data, enabling further identification of component implementation aspects, such as revision levels. Based on the informational and implementation aspects, site, solution stack, and component specific security audit tests are executed against the target Web site. Audit identified security exposures are recorded in correspondence with site, solution stack, and component implementation specific remediation instruction data. This audit data is then available for reporting.
摘要翻译：在审核目标网站以进行安全风险时，会生成针对网站特定的修复报告，以根据审核计算机系统确定的针对Web服务器解决方案堆栈的组件定制的指导性数据。基于对由审计计算机系统检索的网页数据的分析，以站点独立的方式执行堆栈和组件标识。接收到的数据的信息方面被单独地识别并且通过收到的数据中显而易见的各种模式被识别，使得能够进一步识别组件实现方面，例如修订级别。根据信息和实施方面，针对目标网站执行站点，解决方案堆栈和组件特定的安全审核测试。审计确认的安全风险记录与站点，解决方案堆栈和组件实施特定的修复指令数据相对应。此审核数据随后可用于报告。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式