US 12,254,081 B2
Verification of serverless applications using fuzzing techniques
David Autrey Bohannon, Sugar Hill, GA (US); Ksenia A. Peguero, Herndon, VA (US); and Benjamin D. Sedat, San Francisco, CA (US)
Assigned to Black Duck Software, Inc., Burlington, MA (US)
Filed by BLACK DUCK SOFTWARE, INC., Mountain View, MA (US)
Filed on Oct. 24, 2022, as Appl. No. 17/972,353.
Prior Publication US 2024/0134962 A1, Apr. 25, 2024
Prior Publication US 2024/0232329 A9, Jul. 11, 2024
Int. Cl. G06F 11/36 (2006.01); G06F 11/3604 (2025.01); G06F 21/52 (2013.01)
CPC G06F 21/52 (2013.01) [G06F 11/3604 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A method of verifying an application, the method comprising:
communicating, to an application device, a request for source code for a first function of an application hosted on the application device, wherein the request bypasses an application programming interface (API) gateway that would otherwise reject the request due to the first function being unexposed by the API gateway;
downloading the source code for the first function from the application device;
injecting a first fuzzing payload into an input object of the first function to generate a test object;
invoking the first function using the test object; and
generating a response to invoking the first function using the test object, wherein the response comprises at least one of an error message, a stack trace, or a timeout indicator that indicates a vulnerability in the first function.
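The inject, invoke and classify steps of claim 1 can be sketched as a local test harness. This is an added example, not code from the patent or from Black Duck; `sample_handler`, `BASE_EVENT`, `PAYLOADS` and the helper names are constructed for illustration, and the handler is a local stand-in rather than source downloaded from an application device.

```python
import copy
import time
import traceback
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

# Constructed stand-in for the first function's source (hypothetical handler).
def sample_handler(event, context=None):
    qty = int(event["quantity"])      # raises on non-numeric input
    if qty > 10_000:
        time.sleep(1.0)               # simulates unbounded work
    return {"statusCode": 200, "body": f"{event['item']} x{qty}"}

BASE_EVENT = {"item": "widget", "quantity": "2"}           # constructed input object
PAYLOADS = ["", "A" * 4096, "99999999", "{{7*7}}", None]   # constructed fuzzing payloads

def make_test_objects(base, payloads):
    """Inject each payload into one field at a time to build test objects."""
    for field in base:
        for payload in payloads:
            obj = copy.deepcopy(base)
            obj[field] = payload
            yield field, payload, obj

def invoke(handler, event, timeout_s=0.25):
    """Invoke the function with a test object and classify the response."""
    pool = ThreadPoolExecutor(max_workers=1)
    future = pool.submit(handler, event)
    try:
        return {"kind": "ok", "detail": future.result(timeout=timeout_s)}
    except FutureTimeout:
        return {"kind": "timeout", "detail": f"no response within {timeout_s}s"}
    except Exception as exc:
        trace = traceback.format_exception(type(exc), exc, exc.__traceback__)
        return {"kind": "stack_trace", "error": str(exc), "detail": "".join(trace)}
    finally:
        pool.shutdown(wait=False)     # do not block on a slow invocation

def fuzz(handler, base=BASE_EVENT, payloads=PAYLOADS):
    """Return (field, payload, kind) for every response that signals a defect."""
    findings = []
    for field, payload, obj in make_test_objects(base, payloads):
        result = invoke(handler, obj)
        if result["kind"] != "ok":
            findings.append((field, payload, result["kind"]))
    return findings

if __name__ == "__main__":
    for field, payload, kind in fuzz(sample_handler):
        print(f"{kind:11} field={field!r} payload={str(payload)[:20]!r}")
```

Each finding points at an input field that needs validation or a bounded execution path before the function is deployed.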