专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08621639B1 Using fuzzy classification models to perform matching operations in a web application security scanner 有权
标题翻译：使用模糊分类模型在Web应用程序安全扫描程序中执行匹配操作
公开(公告)号：US08621639B1
公开(公告)日：2013-12-31
申请号：US13307382
申请日：2011-11-30
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： G06F21/00
CPC分类号： G06F11/3692
摘要： A system provides for fuzzy classification in comparisons of scanner responses. A web application test suite performs tests against a web application by sending client requests from a testing computer to the server running the web application and checking how the web application responds. A thorough web application security scan might involve thousands of checks and responses. As a result, some sort of programmatic analysis is needed. One such evaluation involves comparing one response against another. Response matching that compares two HTTP responses might use fuzzy classification processes.
摘要翻译：系统提供了扫描器响应比较中的模糊分类。 Web应用程序测试套件通过将测试计算机的客户端请求发送到运行Web应用程序的服务器并检查Web应用程序的响应方式来对Web应用程序执行测试。彻底的Web应用程序安全扫描可能涉及数千个检查和响应。因此，需要进行某种程序化分析。一个这样的评估涉及将一个响应与另一个相比较比较两个HTTP响应的响应匹配可能使用模糊分类过程。

2. 发明授权

US08789187B1 Pattern tracking and capturing human insight in a web application security scanner 有权
标题翻译：模式跟踪并在Web应用程序安全扫描程序中捕获人的洞察力
公开(公告)号：US08789187B1
公开(公告)日：2014-07-22
申请号：US11864787
申请日：2007-09-28
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： H04L29/06 , G06F11/36 , G06F11/263 , G06F21/57
CPC分类号： G06F11/3672 , G06F11/263 , G06F11/3688 , G06F21/577
摘要： An apparatus and method of managing vulnerability testing of a web application is provided for running a set of one or more scripted tests against a web application, recording results of the one or more scripted tests, providing an interface for a human evaluator to review the recorded results, and accepting from the human evaluator custom test parameters based on observations of the recorded results, wherein custom test parameters include at least one context usable by a future tester in deciding whether to run the custom test, and also includes at least one instruction for automatically running custom test steps of the custom test.
摘要翻译：提供了一种用于管理web应用的漏洞测试的装置和方法，用于针对web应用运行一组一个或多个脚本测试，记录一个或多个脚本测试的结果，为人类评估者提供一个接口，以查看记录的结果，并且基于对记录结果的观察从人类评估者自定义测试参数接受，其中定制测试参数包括由未来测试者在决定是否运行定制测试中可用的至少一个上下文，并且还包括至少一个指令自动运行自定义测试的自定义测试步骤。

3. 发明授权

US08341711B1 Automated login session extender for use in security analysis systems 有权
标题翻译：用于安全分析系统的自动登录会话扩展器
公开(公告)号：US08341711B1
公开(公告)日：2012-12-25
申请号：US12267235
申请日：2008-11-07
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： H04L29/06
CPC分类号： H04L63/1483 , H04L63/10 , H04L63/1433 , H04L63/168
摘要： A web application security scanner (WASS) includes a login manager configured to perform an automated login to a web site. The automated login may be performed when the login manager detects that a login session has ended. The login manager is configured to determine credentials for the web site to allow the WASS to access the web site. The WASS may then use the credentials to continue scanning the web site. Thus, previously unscannable web pages may be accessed in the web site because of the automated login process.
摘要翻译： Web应用安全扫描器（WASS）包括配置为执行自动登录到网站的登录管理器。当登录管理器检测到登录会话已经结束时，可以执行自动登录。登录管理器配置为确定网站的凭据以允许WASS访问该网站。然后，WASS可以使用凭据继续扫描网站。因此，由于自动登录过程，可能在网站中访问以前不可扫描的网页。

4. 发明授权

US09239745B1 Method and apparatus for managing security vulnerability lifecycles 有权
标题翻译：管理安全漏洞生命周期的方法和设备
公开(公告)号：US09239745B1
公开(公告)日：2016-01-19
申请号：US11864712
申请日：2007-09-28
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： G06F11/00
CPC分类号： G06F11/00 , G06F11/3672 , G06F21/577 , H04L63/1433
摘要： Vulnerability testing of a web application can be done using external testing, wherein an external test system runs with permissions of a user of the web application and interacts with the web application over a network, the external test system might obtain a schedule for a vulnerability test, execute the schedule using the external test system, log at least portions of responses of the web application to interactions of the external test system with the web application, compare portions of the responses to expected possible responses associated with particular possible vulnerabilities of the web application, thereby detecting possible vulnerabilities of the web application and, for at least one detected possible vulnerability, generating a retest script that comprises at least instructions to place the web application in a state at least similar to the state at which the at least one detected possible vulnerability was detected during execution of the schedule and that comprises at least instructions to interact with the web application in an attempt to recreate the detection without requiring reexecution of the schedule.
摘要翻译： Web应用程序的漏洞测试可以使用外部测试完成，其中外部测试系统以Web应用程序的用户的权限运行，并通过网络与Web应用程序交互，外部测试系统可能会获得漏洞测试的进度，使用外部测试系统执行计划，将至少部分Web应用程序的响应记录到外部测试系统与Web应用程序的交互中，将响应中的部分响应与Web应用程序的特定可能漏洞相关联的预期可能响应进行比较，从而检测网络应用程序的可能的漏洞，并且对于至少一个检测到的可能的脆弱性，生成重新测试脚本，其包括至少指令以将web应用程序置于至少类似于所述至少一个检测到的可能状态的状态执行时间表期间检测到漏洞，并包括在l 与Web应用程序交互的东方指令，以尝试重新创建检测，而不需要重新执行日程安排。

5. 发明授权

US08370929B1 Automatic response culling for web application security scan spidering process 有权
标题翻译：自动响应剔除Web应用程序安全扫描过程
公开(公告)号：US08370929B1
公开(公告)日：2013-02-05
申请号：US11864749
申请日：2007-09-28
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： G06F11/00
CPC分类号： H04L63/1433 , G06F11/3672 , G06F21/577
摘要： A method of testing a web application, wherein a web application is a program that operates on a server and interacts with clients that access the program over a network, wherein further the web application accepts parameters that define results generated from the web application, the method comprising determining which web application uniform resource identifiers (URIs) are used to access various web applications on a system, determining if more than a threshold of the URIs are for a common web application, selecting a subset of less than all of the URIs for the common web application when the threshold is exceeded for that common web application, wherein the subset is selected at least in part independently of the order generated and performing a security scan on the selected subset.
摘要翻译：一种测试Web应用程序的方法，其中web应用程序是在服务器上操作并且与通过网络访问该程序的客户端进行交互的程序，其中该web应用程序进一步接受定义从web应用程序产生的结果的参数，该方法包括确定哪个web应用程序统一资源标识符（URI）用于访问系统上的各种Web应用程序，确定多于一个URI的阈值是否用于公共Web应用程序，选择少于所有URI的子集当对于该通用Web应用程序超过阈值时，其中该子集至少部分地独立于所生成的顺序并且对所选择的子集执行安全扫描。

6. 发明授权

US08087088B1 Using fuzzy classification models to perform matching operations in a web application security scanner 有权
标题翻译：使用模糊分类模型在Web应用程序安全扫描程序中执行匹配操作
公开(公告)号：US08087088B1
公开(公告)日：2011-12-27
申请号：US11864736
申请日：2007-09-28
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F11/3692
摘要： A system provides for fuzzy classification in comparisons of scanner responses. A web application test suite performs tests against a web application by sending client requests from a testing computer to the server running the web application and checking how the web application responds. A thorough web application security scan might involve thousands of checks and responses. As a result, some sort of programmatic analysis is needed. One such evaluation involves comparing one response against another. Response matching that compares two HTTP responses might use fuzzy classification processes.
摘要翻译：系统提供了扫描器响应比较中的模糊分类。 Web应用程序测试套件通过将测试计算机的客户端请求发送到运行Web应用程序的服务器并检查Web应用程序的响应方式来对Web应用程序执行测试。彻底的Web应用程序安全扫描可能涉及数千个检查和响应。因此，需要进行某种程序化分析。一个这样的评估涉及将一个响应与另一个相比较。比较两个HTTP响应的响应匹配可能使用模糊分类过程。

7. 发明申请

US20060048214A1 Automated login session extender for use in security analysis systems 有权
标题翻译：用于安全分析系统的自动登录会话扩展器
公开(公告)号：US20060048214A1
公开(公告)日：2006-03-02
申请号：US11210351
申请日：2005-08-23
申请人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
发明人： William Pennington , Jeremiah Grossman , Robert Stone , Siamak Pazirandeh
IPC分类号： H04L9/32
CPC分类号： H04L63/1483 , H04L63/10 , H04L63/1433 , H04L63/168
摘要： A web application security scanner (WASS) includes a login manager configured to perform an automated login to a web site. The automated login may be performed when the login manager detects that a login session has ended. The login manager is configured to determine credentials for the web site to allow the WASS to access the web site. The WASS may then use the credentials to continue scanning the web site. Thus, previously unscannable web pages may be accessed in the web site because of the automated login process.
摘要翻译： Web应用安全扫描器（WASS）包括配置为执行自动登录到网站的登录管理器。当登录管理器检测到登录会话已经结束时，可以执行自动登录。登录管理器配置为确定网站的凭据以允许WASS访问该网站。然后，WASS可以使用凭据继续扫描网站。因此，由于自动登录过程，可能在网站中访问以前不可扫描的网页。

8. 发明授权

US4240855A Method of welding plastic sheets edge-to-edge 失效
标题翻译：焊接塑料片边缘到边缘的方法
公开(公告)号：US4240855A
公开(公告)日：1980-12-23
申请号：US66843
申请日：1979-08-15
申请人： William Pennington
发明人： William Pennington
IPC分类号： B29C65/00 , B29C65/04 , B29C65/08 , B29C65/14 , B29C65/78 , B29C27/04 , B65H69/08
CPC分类号： B29C65/04 , B29C65/78 , B29C66/02241 , B29C66/032 , B29C66/03241 , B29C66/1142 , B29C66/43 , B29C66/81263 , B29C66/8322 , B29C2793/00 , B29C65/08 , B29C65/14 , B29C66/818 , B29C66/8264 , Y10T156/1066 , Y10T156/108
摘要： An improved weld is formed between plastic sheets, by performing the steps that include:(a) deforming two joint defining work sheets into a volumetric position substantially defined by two undeformed sample sheets positioned in edge-to-edge position, the work sheets and sample sheets having the same thickness, and(b) heating the deformed work sheets under pressurization at said joint to soften them to form an improved weld therebetween characterized in that the sheet thickness remains the same at and proximate the weld.
摘要翻译：通过执行以下步骤，在塑料片之间形成改进的焊接：（a）将两个接合的限定工件片变形成基本上由位于边缘到边缘位置的两个未变形的样品片限定的体积位置，工件片和样品具有相同厚度的片材，和（b）在所述接头处加压变形的加工片材以软化它们以形成改进的焊接，其特征在于，所述板材厚度在焊缝处和焊缝附近保持相同。

9. 发明授权

US4177100A Plastic sheet sealing process and apparatus 失效
标题翻译：塑料片材密封工艺及装置
公开(公告)号：US4177100A
公开(公告)日：1979-12-04
申请号：US900529
申请日：1978-04-27
申请人： William Pennington
发明人： William Pennington
IPC分类号： B29C65/00 , B29C65/04 , B29C65/08 , B29C65/14 , B29C65/78 , B29C27/02 , B65H69/06
CPC分类号： B29C65/04 , B29C65/78 , B29C66/02241 , B29C66/032 , B29C66/03241 , B29C66/1142 , B29C66/43 , B29C66/81263 , B29C66/8322 , B29C2793/00 , B29C65/08 , B29C65/14 , B29C66/818 , B29C66/8264 , Y10T156/1066 , Y10T156/108
摘要： An improved weld is formed between plastic sheets, by performing the steps that include:(a) deforming two joint defining work sheets into a volumetric position substantially defined by two undeformed sample sheets positioned in edge-to-edge position, the work sheets and sample sheets having the same thickness, and(b) heating the deformed work sheets under pressurization at said joint to soften them to form an improved weld therebetween characterized in that the sheet thickness remains the same at and proximate the weld.
摘要翻译：通过执行以下步骤，在塑料片之间形成改进的焊接：（a）将两个接合的限定工件片变形成基本上由位于边缘到边缘位置的两个未变形的样品片限定的体积位置，工件片和样品具有相同厚度的片材，和（b）在所述接头处加压变形的加工片材以软化它们以形成改进的焊接，其特征在于，所述板材厚度在焊缝处和焊缝附近保持相同。

10. 发明授权

US4036676A Heat sealing of plastic sheets 失效
标题翻译：塑料片的热封
公开(公告)号：US4036676A
公开(公告)日：1977-07-19
申请号：US716983
申请日：1976-08-23
申请人： William Pennington
发明人： William Pennington
IPC分类号： B29C65/00 , B29C65/04 , B29C65/74 , B29C27/04 , H05B9/04
CPC分类号： B29C66/1122 , B29C65/04 , B29C65/7441 , B29C66/24244 , B29C66/43 , B29C66/80 , B29C66/81427 , B29C66/82421 , B29C66/8322 , B29L2031/7052
摘要： The heat bonding of plastic sheets includes the steps:A. transmitting high frequency electrical energy in one direction through a firstportion of said sheets of sufficient area as to preclude heat bonding of the sheets at said first portion thereof, andB. transmitting said energy back through a second portion of the sheets and of sufficiently reduced area as to effect heating bonding of the sheets at said second portion.
摘要翻译：塑料片的热粘结包括以下步骤：

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式