
A computer-implemented method, system, and computer program product for detecting and monitoring server side state during the scanning of a web application. The method includes: monitoring executed code of the web application while scanning the web application; retrieving code coverage information from the monitoring of the executed code and retrieving scanning information from the scanning of the web application; correlating the code coverage information with the scanning information; and determining a change in the server side state based on the correlation. The system includes one or more devices that execute the steps of the method. The computer program product includes computer program instructions stored on a computer readable storage medium which, when executed, cause a computer to perform the steps of the method.

Claims

1. A computer-implemented method of detecting and monitoring server side state during the scanning of a web application, the method comprising:

monitoring executed code of said web application while scanning said web application;

retrieving code coverage information from said monitoring of said executed code and retrieving scanning information from said scanning of said web application;

correlating said code coverage information with said scanning information; and

determining a change in said server side state based on said correlation.

2. The method according to claim 1, wherein said step of monitoring executed code of said web application while scanning said web application comprises:

sending a request to said web application; and

receiving a response to said request.

3. The method according to claim 2, wherein said step of correlating said code coverage information with said scanning information comprises:

extracting, from said code coverage information, the part of said executed code that was executed between the time when said request was sent and when said response was received; and

mapping said part of said executed code to said request to establish a relationship between said part of said executed code and said request.

4. The method according to claim 1, wherein said step of determining a change in said server side state based on said correlation comprises:

retrieving the part of previously executed code on said web application that was executed between the time when a previous request was sent and when a previous response was received, wherein said request is the same as said previous request; and

determining if said part of previously executed code is different from said part of said executed code that was executed between the time when said request was sent and when said response was received.

5. The method according to claim 1, further comprising identifying said server side state based on said step of determining a change in said server side state.

6. A computer-implemented method of detecting and monitoring server side state during the scanning of a web application, the method comprising:

monitoring executed code of said web application while scanning said web application;

retrieving code coverage information from said monitoring of said executed code and retrieving scanning information from said scanning of said web application; and

determining, based on said code coverage information and said scanning information, if a specified portion of the web application code was executed.

7. The method according to claim 6, wherein said step of monitoring executed code of said web application while scanning said web application comprises:

sending a request to said web application; and

receiving a response to said request.

8. A computer-implemented method of detecting and monitoring server side state during the scanning of a web application, the method comprising:

sending a request to said web application while monitoring executed code of said web application and scanning said web application;

receiving a response to said request;

retrieving code coverage information from said monitoring of said executed code and retrieving scanning information from said scanning of said web application;

extracting, from said code coverage information, the part of said executed code that was executed between the time when said request was sent and when said response was received;

mapping said part of said executed code to said request to establish a relationship between said part of said executed code and said request;

retrieving the part of previously executed code on said web application that was executed between the time when a previous request was sent and when a previous response was received, wherein said request is the same as said previous request; and

determining if said part of previously executed code is different from said part of said executed code that was executed between the time when said request was sent and when said response was received.

9. The method according to claim 8, further comprising identifying said server side state based on said step of determining if said part of previously executed code is different from said part of said executed code.
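The procedure of claims 1 through 9 carried through in code, as an added example that is not part of the patent or of any implementation of it. It uses a constructed toy application (`handle`, with the module-level `STATE` dictionary as its server side state), a monitoring unit built on Python's `sys.settrace` hook as the code coverage source, and a scanner that maps the lines executed between request and response to the request (claim 3), compares them with the lines the identical request executed earlier to flag a state change (claim 4), and answers whether a specified line ran (claim 6). The application, the request sequence and every name below are assumptions of this example.

```python
import inspect
import sys
from dataclasses import dataclass, field

# Constructed toy web application standing in for the scanned application.
# STATE is the server side state: POST /register mutates it, and GET /profile
# takes a different code path depending on what it contains.
STATE = {"users": {}}


def handle(request):
    method, path, params = request
    if method == "POST" and path == "/register":
        STATE["users"][params["name"]] = {"role": "member"}
        return 201, "created"
    if method == "GET" and path == "/profile":
        user = STATE["users"].get(params.get("name"))
        if user is None:
            return 404, "no such user"
        if user["role"] == "admin":
            return 200, "admin profile"
        return 200, "member profile"
    return 404, "not found"


def canonical(request):
    """Key under which the scanner stores a request, so a repeat is recognised."""
    method, path, params = request
    return (method, path, tuple(sorted(params.items())))


def line_of(snippet):
    """Absolute line number of the first source line of handle() containing snippet."""
    lines, first = inspect.getsourcelines(handle)
    for offset, text in enumerate(lines):
        if snippet in text:
            return first + offset
    raise ValueError(f"{snippet!r} not found in handle()")


class CoverageMonitor:
    """Monitoring unit: records the lines of handle() executed while the
    monitor is active, i.e. between sending a request and receiving its response."""

    def __init__(self):
        self.lines = set()
        self._previous_tracer = None

    def _trace(self, frame, event, arg):
        if frame.f_code is handle.__code__:
            if event == "line":
                self.lines.add(frame.f_lineno)
            return self._trace  # keep tracing inside handle()
        return None  # frames of other functions are not traced

    def __enter__(self):
        self._previous_tracer = sys.gettrace()
        sys.settrace(self._trace)
        return self

    def __exit__(self, *exc):
        sys.settrace(self._previous_tracer)
        return False


@dataclass
class Scanner:
    """Scanning side: sends requests, maps each to the code it executed and
    flags a server side state change when an identical request executes
    different code than it did the previous time."""
    coverage_by_request: dict = field(default_factory=dict)
    state_changes: list = field(default_factory=list)

    def send(self, request):
        key = canonical(request)
        with CoverageMonitor() as monitor:  # coverage only between send and receive
            status, body = handle(request)
        executed = frozenset(monitor.lines)
        previous = self.coverage_by_request.get(key)
        if previous is not None and previous != executed:
            # Same request, different code path: the server side state changed.
            self.state_changes.append((key, sorted(previous ^ executed)))
        self.coverage_by_request[key] = executed
        return status, body, executed

    def was_executed(self, request, lineno):
        """Claim 6: did the last scan of this request execute the given line?"""
        return lineno in self.coverage_by_request.get(canonical(request), frozenset())


def demo():
    """Assumed scan sequence: probe, probe again, mutate state, probe once more."""
    STATE["users"].clear()
    scanner = Scanner()
    probe = ("GET", "/profile", {"name": "alice"})
    scanner.send(probe)  # alice unknown: 404 path
    scanner.send(probe)  # same state, same path: no change reported
    scanner.send(("POST", "/register", {"name": "alice"}))  # mutates server side state
    scanner.send(probe)  # now 200 path: coverage differs, change recorded
    return scanner


if __name__ == "__main__":
    for key, changed_lines in demo().state_changes:
        print("state change behind", key, "at lines", changed_lines)
```

Two caveats a practitioner would add: the monitor only sees frames of `handle()`, so a state-dependent branch inside a helper called from it is invisible, whereas a real deployment instruments the whole application; and coverage can also differ between identical requests for reasons other than state (caches warming, time-based branches, rate limiting), so the symmetric difference of line sets is a signal to triage, not a proof of a state change. The request key must also normalise anything that legitimately varies per request (session tokens, CSRF nonces), or no two requests will ever compare as "the same".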

10. A computer-implemented system for detecting and monitoring server side state during the scanning of a web application comprising:

a monitoring unit for monitoring executed code of said web application while scanning said web application;

an information retrieving unit for retrieving code coverage information from said monitoring of said executed code and for retrieving scanning information from said scanning of said web application;

a correlating unit for correlating said code coverage information with said scanning information; and

a server side state analyzing unit for determining a change in said server side state based on said correlation.

11. The system according to claim 10, wherein said information retrieving unit further retrieves information about a request sent to said web application and information about a response to said request.

12. The system according to claim 11, wherein said correlating unit comprises:

an extracting unit for extracting, from said code coverage information, the part of said executed code that was executed between the time when said request was sent and when said response was received; and

a mapping unit for mapping said part of said executed code to said request to establish a relationship between said part of said executed code and said request.

13. The system according to claim 10, wherein said server side state analyzing unit comprises:

a code retrieving unit for retrieving the part of previously executed code on said web application that was executed between the time when a previous request was sent and when a previous response was received, wherein said request is the same as said previous request; and

a code analyzing unit for determining if said part of previously executed code is different from said part of said executed code that was executed between the time when said request was sent and when said response was received.

14. The system according to claim 10, further comprising a server side state identifying unit for identifying said server side state based on the determination of said server side state analyzing unit.

15. A computer-implemented system for detecting and monitoring server side state during the scanning of a web application, said system comprising one or more devices that execute the steps of the method according to claim 6.

16. A computer-implemented system for detecting and monitoring server side state during the scanning of a web application, said system comprising one or more devices that execute the steps of the method according to claim 8.

17. A computer readable article of manufacture tangibly embodying computer readable instructions which, when executed, cause a computer to carry out the steps of the method according to claim 1.

18. A computer readable article of manufacture tangibly embodying computer readable instructions which, when executed, cause a computer to carry out the steps of the method according to claim 6.

19. A computer readable article of manufacture tangibly embodying computer readable instructions which, when executed, cause a computer to carry out the steps of the method according to claim 8.