1. Field of the Invention
The present invention relates to a computer program product, system, and method for interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server.
2. Description of the Related Art
Computer users do not know whether a web site they are connecting to is exposed to a known security vulnerability. For instance, the security bug known as Heartbleed (CVE-2014-0160) is exploited by requesting an excessive amount of data, which causes the server to return recent data in memory that may include passwords, usernames and other sensitive information. To avoid the Heartbleed vulnerability after it was detected, users had to resort to manual checking or verification of the remote web site.
Another recently discovered vulnerability is known as Shellshock (CVE-2014-6271), which is a vulnerability that has existed since 1992 in Bash, a program that Unix-based systems use to execute command lines and command scripts. The vulnerability exists in that web-based requests and commands can invoke calls to Bash that allow exploitation of the vulnerability. To probe whether a remote system is exposed to Shellshock, a test may be performed that attempts to extend an innocuous command, such as echo, beyond a Bash variable setting, and checks whether the command executes. If it does, the system is exposed to the Shellshock vulnerability.
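The local form of the test described above, as an added example that is not part of the original text: it checks a Bash binary on the host being assessed rather than a remote system. The function name `check_bash_shellshock`, the variable name `probe` and the marker string are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: local check for the Shellshock flaw (CVE-2014-6271).
# check_bash_shellshock is a hypothetical helper name, not an existing tool.
#
# Usage: check_bash_shellshock [absolute path to a bash binary]
# Prints one of: exposed | not-exposed | inconclusive | no-such-binary
check_bash_shellshock() {
    local bash_bin="${1:-$(command -v bash)}"
    local marker="SHELLSHOCK_MARKER_$$"   # constructed marker string
    local out

    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "no-such-binary"
        return 2
    fi

    # The variable setting holds a function definition followed by an extra,
    # innocuous echo. A fixed Bash treats the value as plain data; an exposed
    # Bash executes the trailing echo while starting up, before it runs the
    # harmless command given with -c.
    # env -i starts from an empty environment so nothing else interferes.
    out="$(env -i "probe=() { :;}; echo $marker" \
        "$bash_bin" -c 'echo probe-done' 2>/dev/null)"

    case "$out" in
        *"$marker"*)  echo "exposed";      return 1 ;;
        *probe-done*) echo "not-exposed";  return 0 ;;
        *)            echo "inconclusive"; return 3 ;;
    esac
}
```

A result of `exposed` means the echo placed after the variable setting was executed, which is the condition the paragraph above describes.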
There is a need in the art for improved techniques for detecting security vulnerabilities in servers and code to protect web users.