The popularity of the Internet has given rise to e-commerce. As illustrated in FIG. 1, many consumers 102 enjoy the convenience of shopping at home via websites 104 including internet portals (such as YAHOO), online shopping sites (such as AMAZON.COM), online auction sites (such as EBAY), and online banking sites (such as CITIBANK). Many other activities that formerly required live interactions, either in person or via phone, can now be conducted on-line via the Internet 106, such as applying for car or health insurance, buying and selling stocks, etc.
Such on-line activities typically require the exchange and storage of personal information such as credit card numbers and banking information. Accordingly, consumers want to be able to trust that the websites 104 are secure from on-line vulnerabilities, such as the ability for hackers to gain access to their personal information.
The inventions and technologies described in co-pending U.S. patent application Ser. Nos. 10/113,875 and 10/674,878, the contents of which are incorporated herein by reference in their entirety, have dramatically advanced the state of the art of vulnerability detection, assessment and management. For example, these co-pending applications describe techniques for performing vulnerability scans of websites, and for hosting a mark that indicates to visitors of the website how safe the website is, with the contents of the mark controlled in accordance with the scan results. These vulnerability scans aim to duplicate and/or exploit methods known to be used by hackers to attempt to gain unauthorized access to the devices and systems of the website. Nevertheless, areas of potential improvement exist.
For example, the effectiveness of certain vulnerability scans is sometimes limited to entry points that are identified by conventional crawling methods. Meanwhile, certain parts of a website or web application can only be reached by users who are actually navigating the site, for example to make a purchase. It would be desirable to make use of the information from such actual use to enhance knowledge of the site, and thus the effectiveness of vulnerability scans of the site.