US 12,294,603 B2
Application security testing based on live traffic
Inon Shkedy, Berkeley, CA (US); Roshan Piyush, Bengaluru (IN); Sanjay Nagaraj, Dublin, CA (US); Satish Kumar Mittal, Bengaluru (IN); and Juan Pablo Tosso Alvarez, Santiago (CL)
Assigned to TRACEABLE INC, San Francisco, CA (US)
Filed by Traceable Inc., San Francisco, CA (US)
Filed on Jan. 8, 2022, as Appl. No. 17/571,463.
Prior Publication US 2023/0224318 A1, Jul. 13, 2023
Int. Cl. H04L 29/06 (2006.01); G06F 9/54 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [G06F 9/547 (2013.01)]
20 Claims
 
1. A method for testing application security, comprising:
accessing intercepted application program interface (API) traffic transmitted between a client device and a server;
identifying a subset of the intercepted traffic to duplicate, the subset selected based on parsing the intercepted traffic;
duplicating the subset of intercepted traffic;
modifying the duplication of the subset of intercepted traffic, the modification including transforming the duplicated traffic to include malicious code;
transmitting the modified duplicate traffic to the server; and
detecting whether the modified duplicate traffic resulted in a successful attack event on the server.