Field
The methods and systems of selective website vulnerability and infection testing relates to website malware testing and detection.
Description of the Related Art
Websites are collections of information intended to be viewed, used, and interacted with such as through a web server by exchanging information between a server and a client over a network, such as the Internet. There are a number of commercially available packages that generate the necessary website pages that can be uploaded to web servers connected to the Internet. Any number of defects, infections, vulnerabilities, malware, spam, and the like may be found in website pages on the internet. Therefore, web testing may be done for identifying such defects in a website pages (e.g. before a website is made live). Testing and analysis of websites confirms content and proper operation. For example, testing the website ensures whether all links are working correctly. Further, the website can be tested to be cross browser compatible. Testing of the website determines delivered performance of a website server, analyzes capacity of the website server by imposing realistic loads, and identifies erroneous website pages. Issues such as the security of the website content or data stored in association therewith are also typically checked during testing.
Conventionally, there are several security testing methods that can be used to obtain information about how a website behaves when viewed in a web browser or the like. Examples of such security testing methods may include, but are not limited to, sequel injection testing, phantom web page testing, open source security testing, penetration testing, cross-site scripting (XSS) testing, Carriage Return and Line Feed (CRLF) injection testing, JavaScript injection testing, code execution testing, directory traversal testing, and the like are some of the testing techniques currently available in the market.
However, these conventional testing techniques generate a significant amount of traffic to and require a significant amount of data traffic from a website (an in particular the server(s) that are used to host the website) to test its integrity and to look for hidden web pages, and the like. The significant amount of traffic, generated by the current website testing functionality, takes up a significant amount of website access bandwidth due to generation of tens of thousands of page requests to test for hidden pages on the website that are generally known to be associated with intrusions or malware. The significant amount of access bandwidth may affect or even overload a server that is hosting the website under test. Further, resource and bandwidth efficiency of conventional testing techniques may not be acceptable for the advancing share hosting environments that are common today. They eat up a lot of time of the resource (i.e. hosting server) for the security testing. Often there are redundant page requests for the required pages of the website. All these issues can lead to a significant degradation in the performance of a website.
There has also been a noticeable increase in the existence of small websites. Small websites may be increasing due to a number of factors such consumer demand, ease of website creation tools, low cost for shared web hosting, inexpensive ways of making others aware of a business or brand, affiliating networks that target web traffic to a website to increase profits, and the like. Many easy and inexpensive website generation software packages have also lead to the creation of a plurality of small websites. Web hosting has responded to this significant increase by offering a variety of shared hosting approaches such as offering lower costs hosting fees for websites up to a small number of web pages (e.g., 25). Shared web hosting approach may host multiple websites on a single web server connected to the Internet. Each site may be placed on its own partition on the server to keep it separate from other sites. Shared web hosting keeps costs down as many people share the overall cost of server operation and maintenance. Further, shared web hosting provides affordable web hosting solution for small business.
In a shared hosting environment tens of thousands or even millions of small websites may be hosted by a single web server. This single web server must handle all the traffic for this large number of small websites. However, heavy use of small websites can lead to a significant degradation in performance, or even a complete loss of services of the small websites because the small websites have been hosted by a single web server.
As discussed above, conventional website security testing methods generate a significant amount of traffic towards a website to test its integrity and look for hidden web pages. Since small websites are typically hosted on a shared server, employment of conventional website security testing methods can result in an uncceptable amount of traffic to web pages hosted on the shared server. This may cause the shared server to get overloaded and also lead to a significant degradation in the performance of the small websites, making them unavailable or inaccessible. Achieving a timely, high degree of confidence in the integrity and security of website content while lightly loading web servers, particularly shared hosting servers to enable high availability and superior responsiveness for visitor website access is not simple to achieve and may require rethinking how website testing is conceived, designed, offered for subscription, delivered, and the like.