US 9,811,668 B2
Multi-context exploit test management
Antonino Sabetta, Mouans-Sartoux (FR); Luca Compagna, La Roquette (FR); Serena Ponta, Antibes (FR); Stanislav Dashevskyi, Dnipropetrovsk (UA); Daniel Dos Santos, Trento (IT); and Fabio Massacci, Trento (IT)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Apr. 21, 2015, as Appl. No. 14/692,203.
Prior Publication US 2016/0314302 A1, Oct. 27, 2016
Int. Cl. G06F 11/00 (2006.01); G06F 12/14 (2006.01); G06F 12/16 (2006.01); G08B 23/00 (2006.01); G06F 21/57 (2013.01); G06F 21/54 (2013.01); G06F 21/53 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/53 (2013.01); G06F 21/54 (2013.01); G06F 21/566 (2013.01); G06F 2221/033 (2013.01)]
19 Claims
1. A system for exploit test management including instructions recorded on a non-transitory computer-readable storage medium, and executable by at least one hardware processor, the system comprising:
an input handler configured to cause the at least one hardware processor to receive an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment, the at least one execution environment including an operating system and an application server, and the at least one exploit including at least two exploit script portions;
a deployment engine configured to cause the at least one hardware processor to deploy the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container actively executing operations of the at least one application on the operating system and application server within at least one execution engine;
a scheduler configured to cause the at least one hardware processor to schedule injections of the at least two exploit script portions into the at least one execution environment of the at least one execution engine, with a timing determined from the exploit test request and defined with respect to the actively executing operations; and
a report generator configured to cause the at least one hardware processor to generate an exploit test report characterizing a result of the injections into the at least one execution environment of the at least one execution engine.