US 12,386,980 B1
Software testing system for detecting code injection vulnerabilities
Viliam Holub, Prague (CZ); Gerald Curran, Dublin (IE); and Trevor Parsons, Donegal (IE)
Assigned to Rapid7, Inc., Boston, MA (US)
Filed by Rapid7, Inc., Boston, MA (US)
Filed on May 30, 2023, as Appl. No. 18/203,129.
Int. Cl. G06F 21/00 (2013.01); G06F 11/3604 (2025.01); G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 11/3612 (2013.01); G06F 2221/033 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
one or more computing devices configured to implement a software testing system, configured to:
generate a string that contains an exploit, wherein the exploit includes executable code that, if executed by a software system, causes an execution detection token (EDT) to be generated, wherein the EDT contains a unique value that indicates vulnerability of the software application to the exploit with no risk of false positives;
store the EDT in a data store of the software testing system as part of an injection record;
inject the string into an execution of the software system to simulate a code injection attack on the software system;
obtain an execution result of the software system after the injection of the string;
match the execution result to the injection record in the data store to detect that the EDT was generated during the execution; and
output an indication that the software system is vulnerable to the exploit based on the detection that the EDT was generated.