1. A system that dynamically scans a web application to perform a security analysis of the web application comprising:
a computer-readable storage medium; and
a processor configured to initiate executable operations comprising:
collecting log file data from at least one log file, collecting the log file data comprising matching information from a previous HTTP request, which lead to a subsequent HTTP request being generated, using stateful parsing to identify information about at least one HTML parameter type by marking a certain parameter of the previous HTTP request as a parameter originating from a form or a hyperlink;
entering data from the collected log file data into at least one data file;
scanning the at least one data file to identify information relevant to security testing;
from the identified information relevant to the security testing, generating at least a first HTTP request to exercise a web application to perform the security analysis of the web application, the first HTTP request corresponding to a second HTTP request generated by prior use or development of the web application and contained in the log file, the first HTTP request including form data that is different than form data contained in the second HTTP request and configured to specifically test for security vulnerabilities in the web application;
communicating the HTTP request to the web application;
receiving at least one HTTP response to the first HTTP request;
analyzing the HTTP response to perform validation of the web application; and
outputting results of the validation.
2. The system of claim 1, wherein the processor further in configured to initiate executable operations comprising:
filtering the collected log file data to remove redundant information from the collected log file data.
3. The system of claim 1, wherein the processor further in configured to initiate executable operations comprising:
transforming at least a portion of the collected log file data into at least one data structure recognizable by the web application; and
including the data structure in the first HTTP request.
4. The system of claim 1, wherein the at least one log file comprises a log file maintained by an application client on which a client application is executed to access the web application.
5. The system of claim 1, wherein the at least one log file comprises a log file maintained by a web server that hosts the web application.
6. The system of claim 1, wherein the at least one log file comprises a log file maintained by network infrastructure of a communication network to which an application client on which a client application is executed is communicatively linked.
7. The system of claim 1, wherein the at least one log file comprises a log file maintained by network infrastructure of a communication network to which a web server that hosts the web application is communicatively linked.
8. The system of claim 1, wherein the processor further is configured to initiate executable operations comprising:
identifying at least one URL identified in the collected log file data;
wherein generating at least the first HTTP request comprises submitting in the first HTTP request a hazardous payload to the URL.
9. A computer program product for dynamically scanning a web application to perform a security analysis of the web application, the computer program product comprising:
a computer-readable storage device, wherein the computer-readable storage device is not a transitory, propagating signal per se, having computer-readable program code embodied therewith, the computer-readable program code comprising:
computer-readable program code configured to collect log file data from at least one log file;
computer-readable program code configured to enter data from the collected log file data into at least one data file, collecting the log file data comprising matching information from a previous HTTP request, which lead to a subsequent HTTP request being generated, using stateful parsing to identify information about at least one HTML parameter type using stateful parsing to identify information about at least one HTML parameter type by marking a certain parameter of the previous HTTP request as a parameter originating from a form or a hyperlink;
computer-readable program code configured to scan the at least one data file to identify information relevant to security testing;
computer-readable program code configured to, from the identified information relevant to the security testing, generate at least a first HTTP request to exercise a web application to perform the security analysis of the web application, the first HTTP request corresponding to a second HTTP request generated by prior use or development of the web application and contained in the log file, the first HTTP request including form data that is different than form data contained in the second HTTP request and configured to specifically test for security vulnerabilities in the web application;
computer-readable program code configured to communicate the first HTTP request to the web application;
computer-readable program code configured to receive at least one HTTP response to the first HTTP request;
computer-readable program code configured to analyze the HTTP response to perform validation of the web application; and
computer-readable program code configured to output results of the validation.
10. The computer program product of claim 9, the computer-readable program code further comprising:
computer-readable program code configured to filter the collected log file data to remove redundant information from the collected log file data.
11. The computer program product of claim 9, the computer-readable program code further comprising:
computer-readable program code configured to transform at least a portion of the collected log file data into at least one data structure recognizable by the web application; and
computer-readable program code configured to include the data structure in the first HTTP request.
12. The computer program product of claim 9, wherein the at least one log file comprises a log file maintained by an application client on which a client application is executed to access the web application.
13. The computer program product of claim 9, wherein the at least one log file comprises a log file maintained by at least one system selected from a group consisting of a web server that hosts the web application, network infrastructure of a communication network to which an application client on which a client application is executed is communicatively linked, and network infrastructure of a communication network to which a web server that hosts the web application is communicatively linked.
14. The computer program product of claim 9, the computer-readable program code further comprising:
computer-readable program code configured to identify at least one URL identified in the collected log file data;
wherein the computer-readable program code configured to generate at least the first HTTP request comprises computer-readable program code configured to submit in the first HTTP request a hazardous payload to the URL.
The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.
1. A circuit for driving a link being programmable by an energy pulse, the circuit generating an output signal with a boosted signal level compared with a logic level of an input signal, the circuit comprising:
an input stage having a first input terminal pair for receiving a first input signal with a logic level, and a second input terminal pair for receiving a second input signal with a logic level, said input stage having a first switch pair with control inputs forming said first input terminal pair, said input stage having a second switch pair connected to said first switch pair for forming a logic combination of the first and second input signals, said second switch pair having control inputs forming said second input terminal pair;
an output stage connected to said input stage and having a terminal for feeding in a blowing voltage, a first supply voltage terminal, and an output terminal coupled to the link and the output signal with the boosted signal level is tapped at said output terminal; and
a switch having a control input and a controlled path with a first terminal connected to said terminal for feeding in the blowing voltage and a second terminal connected to the link, said control input of said switch connected to said output terminal of said output stage and, depending on the first and second input signals, said switch through-connects said first terminal of said controlled path, connected to said terminal for feeding in the blowing voltage, to said second terminal of said controlled path connected to the link.
2. The circuit according to claim 1, wherein said first switch pair has two input transistors including a first input transistor driven by the first input signal and a second input transistor driven by an inverted first input signal.
3. The circuit according to claim 2, wherein said output stage includes two cross-coupled transistors coupled to said input transistors.
4. The circuit according to claim 3, wherein said output stage further includes two further transistors having control inputs connected to said first supply voltage terminal, said two further transistors coupling said cross-coupled transistors to said input transistors.
5. The circuit according to claim 2, wherein said second switch pair includes two further input transistors including a third input transistor driven by the second input signal and a fourth input transistor driven by an inverted second input signal.
6. The circuit according to claim 5, wherein said first and fourth input transistors are connected up in parallel with one another, and said second and third input transistors are connected in series with one another and said first, second, third and fourth transistors form an AND combination.
7. The circuit according to claim 5,
wherein said third and fourth transistors have control inputs; and
further comprising a shift register generating the second input signal and the inverted second input signal and connected to said control inputs of said third and fourth input transistors for transmitting the second input signal and the inverted second input signal.
8. The circuit according to claim 2,
wherein said first and second transistors have control inputs; and
further comprising a volatile memory cell providing the first input signal and the inverted first input signal and connected to said control inputs of said first and second input transistors for transmitting the first input signal and the inverted first input signal.
9. The circuit according to claim 1, wherein the circuit configuration is constructed using CMOS circuit technology.