WO2006119336A3 - In-line website securing system with html processor and link verification - Google Patents
- Publication number
- WO2006119336A3 (PCT/US2006/016925)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- waf
- server
- client
- website
- validity
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
A web application firewall (WAF) used to secure websites from many known and unknown vulnerabilities is described. In one embodiment, the WAF is installed between a server that is serving web content and a network over which clients access the website hosted on the server. The WAF is configured to provide security from external attacks by preventing the website from receiving data that it did not send and by ensuring that the data it receives was not altered by a client. The WAF encodes outbound HTTP response data such that when a client or interloper follows one of the links or other constructs in the response data, the WAF can determine the validity of the next client request. In one embodiment, each universal resource locator link is encrypted and checked for validity when it is returned to the server via the WAF.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US67720705P | 2005-05-02 | 2005-05-02 | |
US60/677,207 | 2005-05-02 | ||
US11/415,794 US20060288220A1 (en) | 2005-05-02 | 2006-05-01 | In-line website securing system with HTML processor and link verification |
US11/415,794 | 2006-05-01 |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2006119336A2 (en) | 2006-11-09 |
WO2006119336A3 (en) | 2007-08-09 |
WO2006119336B1 (en) | 2007-09-27 |
Family
ID=37308656
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2006/016925 WO2006119336A2 (en) | 2005-05-02 | 2006-05-02 | In-line website securing system with html processor and link verification |
Country Status (2)
Country | Link |
---|---|
US (1) | US20060288220A1 (en) |
WO (1) | WO2006119336A2 (en) |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8161538B2 (en) * | 2004-09-13 | 2012-04-17 | Cisco Technology, Inc. | Stateful application firewall |
US8650214B1 (en) * | 2005-05-03 | 2014-02-11 | Symantec Corporation | Dynamic frame buster injection |
US8819049B1 (en) | 2005-06-01 | 2014-08-26 | Symantec Corporation | Frame injection blocking |
US7734722B2 (en) * | 2005-06-02 | 2010-06-08 | Genius.Com Incorporated | Deep clickflow tracking |
US8996715B2 (en) * | 2006-06-23 | 2015-03-31 | International Business Machines Corporation | Application firewall validation bypass for impromptu components |
US8060916B2 (en) * | 2006-11-06 | 2011-11-15 | Symantec Corporation | System and method for website authentication using a shared secret |
US8613096B2 (en) * | 2007-11-30 | 2013-12-17 | Microsoft Corporation | Automatic data patch generation for unknown vulnerabilities |
US20090144828A1 (en) * | 2007-12-04 | 2009-06-04 | Microsoft Corporation | Rapid signatures for protecting vulnerable browser configurations |
EP2144420B1 (en) * | 2008-07-07 | 2011-06-22 | Barracuda Networks AG | Web application security filtering |
US8266687B2 (en) * | 2009-03-27 | 2012-09-11 | Sophos Plc | Discovery of the use of anonymizing proxies by analysis of HTTP cookies |
US20120117455A1 (en) * | 2010-11-08 | 2012-05-10 | Kwift SAS (a French corporation) | Anthropomimetic analysis engine for analyzing online forms to determine user view-based web page semantics |
US20130019314A1 (en) * | 2011-07-14 | 2013-01-17 | International Business Machines Corporation | Interactive virtual patching using a web application server firewall |
US8862868B2 (en) | 2012-12-06 | 2014-10-14 | Airwatch, Llc | Systems and methods for controlling email access |
US8826432B2 (en) * | 2012-12-06 | 2014-09-02 | Airwatch, Llc | Systems and methods for controlling email access |
US9787686B2 (en) | 2013-04-12 | 2017-10-10 | Airwatch Llc | On-demand security policy activation |
US9231915B2 (en) | 2013-10-29 | 2016-01-05 | A 10 Networks, Incorporated | Method and apparatus for optimizing hypertext transfer protocol (HTTP) uniform resource locator (URL) filtering |
CN104935551B (en) * | 2014-03-18 | 2018-09-04 | 杭州迪普科技股份有限公司 | A kind of webpage tamper protective device and method |
GB2524497A (en) * | 2014-03-24 | 2015-09-30 | Vodafone Ip Licensing Ltd | User equipment proximity requests |
CN104301302B (en) * | 2014-09-12 | 2017-09-19 | 深信服网络科技(深圳)有限公司 | Go beyond one's commission attack detection method and device |
CN108712430A (en) * | 2018-05-24 | 2018-10-26 | 网宿科技股份有限公司 | A kind of method and apparatus sending form request |
US10965659B2 (en) * | 2018-11-09 | 2021-03-30 | International Business Machines Corporation | Real-time cookie format validation and notification |
CN110034922B (en) * | 2019-04-22 | 2022-09-20 | 湖南快乐阳光互动娱乐传媒有限公司 | Request processing method, processing device, request verification method and verification device |
US11356275B2 (en) * | 2020-05-27 | 2022-06-07 | International Business Machines Corporation | Electronically verifying a process flow |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6351811B1 (en) * | 1999-04-22 | 2002-02-26 | Adapt Network Security, L.L.C. | Systems and methods for preventing transmission of compromised data in a computer network |
US20040199762A1 (en) * | 2003-04-03 | 2004-10-07 | International Business Machines Corporation | Method and system for dynamic encryption of a URL |
US20050021972A1 (en) * | 1999-04-15 | 2005-01-27 | Gilian Technologies Ltd. | Data quality assurance |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020112162A1 (en) * | 2001-02-13 | 2002-08-15 | Cocotis Thomas Andrew | Authentication and verification of Web page content |
US20030051142A1 (en) * | 2001-05-16 | 2003-03-13 | Hidalgo Lluis Mora | Firewalls for providing security in HTTP networks and applications |
US7100049B2 (en) * | 2002-05-10 | 2006-08-29 | Rsa Security Inc. | Method and apparatus for authentication of users and web sites |
US20060005237A1 (en) * | 2003-01-30 | 2006-01-05 | Hiroshi Kobata | Securing computer network communication using a proxy server |
US7395428B2 (en) * | 2003-07-01 | 2008-07-01 | Microsoft Corporation | Delegating certificate validation |
2006
- 2006-05-01: US11/415,794 (US20060288220A1), status: Abandoned
- 2006-05-02: PCT/US2006/016925 (WO2006119336A2), status: Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2006119336A2 (en) | 2006-11-09 |
US20060288220A1 (en) | 2006-12-21 |
WO2006119336B1 (en) | 2007-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006119336A3 (en) | In-line website securing system with html processor and link verification | |
CN107209830B (en) | Method for identifying and resisting network attack | |
EP3095225B1 (en) | Redirect to inspection proxy using single-sign-on bootstrapping | |
JP6367375B2 (en) | System and method for secure communication over a network using linking addresses | |
EP2005698B1 (en) | Method for providing web application security | |
US11126749B2 (en) | Apparatus and method for securing web application server source code | |
CN102624729B (en) | Web authentication method, device and system | |
PH12019501854A1 (en) | Trusted login method, server, and system | |
WO2016006520A1 (en) | Detection device, detection method and detection program | |
US20100071048A1 (en) | Service binding | |
US20140373138A1 (en) | Method and apparatus for preventing distributed denial of service attack | |
US20170359349A1 (en) | Method and apparatus for causing a delay in processing requests for internet resources received from client devices | |
WO2010011731A3 (en) | Methods and systems for secure key entry via communication networks | |
Shulman et al. | Towards security of internet naming infrastructure | |
WO2008124515A3 (en) | A system and method for binding a subscription-based computing system to an internet service provider | |
WO2006097397A3 (en) | Single login systems and methods. | |
CN103023869B (en) | Malicious attack prevention method and browser | |
Al‐Hammouri et al. | ReCAP: a distributed CAPTCHA service at the edge of the network to handle server overload | |
US10218805B2 (en) | Method and apparatus for causing delay in processing requests for internet resources received from client devices | |
WO2007078037A1 (en) | Web page protection method employing security appliance and set-top box having the security appliance built therein | |
Hollenbeck et al. | Security Services for the Registration Data Access Protocol (RDAP) | |
US20180324211A1 (en) | System and method for prevening denial of service attacks | |
Pansa et al. | Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol | |
de los Santos et al. | Implementation state of HSTS and HPKP in both browsers and servers | |
JP2010250791A (en) | Web security management device and method for monitoring communication between web server and client |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| NENP | Non-entry into the national phase | Ref country code: RU |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 06758970 Country of ref document: EP Kind code of ref document: A2 |