Improving security scanning with GlassBox via code parts bypass
Publication Date: 2010-Jul-19
The IP.com Prior Art Database
Many web applications use various techniques, such as CAPTCHA, to cripple malicious automated clients that aim to degrade the application's quality of service. However, as a by-product, these countermeasures also cripple automated vulnerability scanners, rendering their coverage capabilities ineffective. Our solution identifies the crippling code parts and then dynamically bypasses them in a way that does not affect the application's logic. This ultimately allows black-box scanners to fluently scan web applications that contain anti-automation measures.