CPC H04L 63/1433 (2013.01) [G06F 9/3851 (2013.01); G06F 11/3684 (2013.01); G06F 16/951 (2019.01); H04L 67/561 (2022.05)] | 26 Claims
1. A system having one or more processors configured to perform a plurality of operations for conducting security penetration testing, the operations comprising:
recording, via a security extension of a web browser, a user interface workflow;
generating, via the security extension, a test script that represents the user interface workflow;
executing the test script in an application, using a proxy port, to recreate the user interface workflow recorded via the security extension of the web browser,
wherein executing the test script comprises:
generating a plurality of threads in the application that each (a) correspond to a copy of the test script and (b) apply the recorded user interface workflow based on the test script; and
executing the plurality of threads in the application in parallel;
simulating a plurality of cyber-attacks, corresponding at least in part to the plurality of threads, against the user interface workflow recreated by executing the test script in the application;
identifying a security vulnerability based at least in part on the plurality of cyber-attacks; and
generating a security report that identifies the security vulnerability.