Prajakta Subbash Jagdale - Alpharetta GA, US; Gerald Eugene Sullivan - Roswell GA, US; Leonid Promyshlyansky Bensman - Alpharetta GA, US
Assignee:
Hewlett-Packard Development Company, L.P. - Houston TX
International Classification:
G06F 12/14, H04L 9/32
US Classification:
726/25, 713/180
Abstract:
A method and system for generating a signature for determining whether a web page is in a first state or a second state, comprising the steps of selecting a plurality of web pages for processing, requesting the web pages in the first state, dividing the first state pages into a first set of text blocks, requesting the web pages in the second state, dividing the second state pages into a second set of text blocks, eliminating from the first and second sets the text blocks that are common between the first and second set, and generating a signature comprising the text blocks of the first set as a component indicative of the first state and the text blocks of the second set as a component indicative of the second state.
Method And System For Characterising A Web Site By Sampling
Prajakta Jagdale - Alpharetta GA, US; Billy Hoffman - Atlanta GA, US
International Classification:
G06F 17/00
US Classification:
715/206
Abstract:
A method of characterising a web site by sampling, the method comprising the repeated steps of: accessing a URL; receiving a web page; analysing the URL and received web page and recording characteristics thereof; identifying links within the received web page; grouping links within the received web page based on proximity; and selecting one of the selected links for subsequent access based on the grouping. The method can be applied in a web application assessment tool.
- Houston TX, US; Prajakta JAGDALE - Sunnyvale CA, US; Sasi MUTHURAJAN - Alpharetta GA, US; Nidhi KEJRIWAL - Alpharetta GA, US
Assignee:
HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP - Houston TX
International Classification:
G06F 21/57
Abstract:
Example embodiments disclosed herein relate to determining terms for a security test. Terms associated with an application under test are determined. The terms are filtered with words in a dictionary to generate a filtered set or wordlist. The set or wordlist is used for input to the application under test for the security test.
- Houston TX, US; Matias Madou - Diegem, BE; Prajakta Jagdale - Sunnyvale CA, US; Jeremy Brooks - Alpharetta GA, US
International Classification:
G06F 21/57
Abstract:
Example embodiments disclosed herein relate to a security test. A crawl of an application under test (AUT) is performed to determine an attack surface using crawl sessions. One or more parameters of the attack surface are probed during the respective crawl sessions. A trace is requested from an observer for the probe of the one or more parameters. Attack suggestions are received from the observer based on the trace of the one or more parameters.
- Houston TX, US; Iftach Ragoler - Alpharetta GA, US; Philip Edward Hamer - Alpharetta GA, US; Russell Andrew Spitler - San Francisco CA, US; Sean Patrick Fay - San Francisco CA, US; Prajakta Subbash Jagdale - Alpharetta GA, US
International Classification:
G06F 21/57, H04L 29/06
Abstract:
The present disclosure provides a system that includes a server hosting an application under test (AUT), an observer configured to monitor instructions executed by the AUT, and a computing device communicatively coupled to the AUT and the observer through a common communication channel. The computing device may be configured to send an application request to the AUT, wherein the application request is configured to expose a potential vulnerability of the AUT. The computing device may receive an application response from the AUT in accordance with the AUT's programming. The computing device may send a service request to the observer, and receive a service response from the observer that contains information corresponding to the instructions executed by the AUT due to the application request, information about the AUT, or information about a server hosting the AUT.
Sasi Siddharth Muthurajan - Atlanta GA, US; Prajakta Subhash Jagdale - Mountain View CA, US; Leonid Promyshlyansky Bensman - Johns Creek GA, US; Iftach Ragoler - Alpharetta GA, US; Philip Edward Hamer - Alpharetta GA, US
International Classification:
G06F 21/57
US Classification:
726/25
Abstract:
Disclosed herein are techniques for determining vulnerabilities in applications under testing. It is determined whether a first database instruction of an application enters information into a database and whether a second database instruction thereof obtains said information from the database. If the first database instruction enters the information in the database and the second database instruction obtains the information therefrom, it is determined whether the application is vulnerable to entry of malicious code via the database.
Georgia Institute of Technology 2005 - 2006
Master of Science, Masters
Department of Technology, Savitribai Phule Pune University 2000 - 2004
Bachelor of Engineering, Bachelors, Computer Engineering
Vivekanand College 1998 - 2000
Skills:
Web Application Security, Application Security, Penetration Testing, Vulnerability Assessment, Information Security, Computer Security, Internet Security, Web Security