WO2006119336A3 - In-line website securing system with html processor and link verification - Google Patents

Info

Publication number
WO2006119336A3
WO2006119336A3
Authority
WO
WIPO (PCT)
Prior art keywords
waf
server
client
website
validity
Prior art date
Application number
PCT/US2006/016925
Other languages
French (fr)
Other versions
WO2006119336A2 (en)
WO2006119336B1 (en)
Inventor
Bill Pennington
Jeremiah Grossman
Robert Stone
Siamak Pazirandeh
Lex Arquette
Original Assignee
Whitehat Security Inc
Bill Pennington
Jeremiah Grossman
Robert Stone
Siamak Pazirandeh
Lex Arquette
Priority date
2005-05-02 (the priority date is an assumption and not a legal conclusion; Google has not performed a legal analysis of it)
Filing date
2006-05-02
Publication date
2007-08-09
Application filed by Whitehat Security Inc, Bill Pennington, Jeremiah Grossman, Robert Stone, Siamak Pazirandeh, Lex Arquette
Publication of WO2006119336A2
Publication of WO2006119336A3
Publication of WO2006119336B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Abstract

A web application firewall (WAF) used to secure websites against many known and unknown vulnerabilities is described. In one embodiment, the WAF is installed between a server that is serving web content and a network over which clients access the website hosted on the server. The WAF is configured to provide security from external attacks by ensuring that the website receives only data that it itself sent, and that the data received was not altered by a client. The WAF encodes outbound HTTP response data such that, when a client or interloper follows one of the links or other constructs in the response data, the WAF can determine the validity of the next client request. In one embodiment, each uniform resource locator (URL) link is encrypted and checked for validity when it is returned to the server via the WAF.
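The mechanism the abstract describes, rewriting outbound links so that the WAF can tell whether the next request is one the site actually issued and whether the client altered it, as an added example that is not code from the patent or from WhiteHat Security. The outbound half rewrites `href` and `action` attributes in the HTML response to carry a tag bound to the client's session; the inbound half accepts a request only if it carries exactly one tag that verifies for the same path, query and session. The abstract speaks of encrypting each URL; this example uses a keyed HMAC over the link instead, since the validity check rests on authenticity and integrity rather than on hiding the path, and the Python standard library has no authenticated cipher. The parameter name `_wt`, the master key and the sample HTML are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TAG_PARAM = "_wt"  # assumed name of the verification parameter (not from the patent)
MASTER_KEY = b"example-master-key-rotate-in-production"  # constructed sample key

# Constructed sample response body standing in for what the origin server sends.
SAMPLE_HTML = (
    '<html><body><a href="/account?id=42">My account</a>'
    '<form action="/transfer" method="post"><input name="amt"></form>'
    '<a href="https://example.org/">Elsewhere</a><a href="#top">Top</a></body></html>'
)


def session_key(session_id: str) -> bytes:
    """Per-session key, so a tag captured in one session verifies in no other."""
    return hmac.new(MASTER_KEY, session_id.encode(), hashlib.sha256).digest()


def canonical(url: str) -> str:
    """What the tag covers: path plus query, minus the tag itself, parameters
    sorted so verification does not depend on parameter order."""
    p = urlsplit(url)
    q = sorted(kv for kv in parse_qsl(p.query, keep_blank_values=True) if kv[0] != TAG_PARAM)
    return urlunsplit(("", "", p.path, urlencode(q), ""))


def tag_for(url: str, session_id: str) -> str:
    mac = hmac.new(session_key(session_id), canonical(url).encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=").decode()  # 128-bit tag


def sign_link(url: str, session_id: str) -> str:
    """Outbound: append the tag. Off-site, scheme-bearing and fragment-only links
    are left alone; they are not requests this site will receive."""
    p = urlsplit(url)
    if p.scheme or p.netloc or not (p.path or p.query):
        return url
    q = [kv for kv in parse_qsl(p.query, keep_blank_values=True) if kv[0] != TAG_PARAM]
    q.append((TAG_PARAM, tag_for(url, session_id)))
    return urlunsplit(("", "", p.path, urlencode(q), p.fragment))


def verify_request(url: str, session_id: str) -> bool:
    """Inbound: accept only a request carrying exactly one tag that matches what
    the WAF would have issued for this path+query in this session. An altered
    parameter, a forged path, a missing tag or a duplicated tag all fail."""
    p = urlsplit(url)
    tags = [v for k, v in parse_qsl(p.query, keep_blank_values=True) if k == TAG_PARAM]
    return len(tags) == 1 and hmac.compare_digest(tags[0], tag_for(url, session_id))


class LinkRewriter(HTMLParser):
    """Streams the response through, rewriting only a/href and form/action."""
    REWRITE = {("a", "href"), ("form", "action")}

    def __init__(self, session_id: str):
        super().__init__(convert_charrefs=False)
        self.sid, self.out = session_id, []

    def _emit_tag(self, tag, attrs, close=""):
        rendered = []
        for k, v in attrs:
            if v is not None and (tag, k) in self.REWRITE:
                v = sign_link(v, self.sid)  # HTMLParser hands us the unescaped value
            rendered.append(k if v is None else f'{k}="{html.escape(v, quote=True)}"')
        self.out.append(f"<{tag}" + "".join(" " + a for a in rendered) + f"{close}>")

    def handle_starttag(self, tag, attrs): self._emit_tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._emit_tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")


def rewrite_html(body: str, session_id: str) -> str:
    """Outbound filter: the HTML processor of the abstract, in miniature."""
    rw = LinkRewriter(session_id)
    rw.feed(body)
    rw.close()
    return "".join(rw.out)


if __name__ == "__main__":
    sid = "sess-A"
    print(rewrite_html(SAMPLE_HTML, sid))
    issued = sign_link("/account?id=42", sid)
    print("issued link  ", issued, verify_request(issued, sid))
    print("altered id   ", verify_request(issued.replace("id=42", "id=43"), sid))
    print("other session", verify_request(issued, "sess-B"))
    print("never issued ", verify_request("/admin?_wt=AAAA", sid))
```

Two operational points follow from the design. Binding the tag to the session means a link copied out of one client's page is useless to another client, but it also means the WAF needs a session identifier (a cookie it sets itself, for instance) before any link can be verified, and entry points that carry no tag, such as the landing page or bookmarked URLs, must be explicitly allowlisted. Only links the HTML processor sees are rewritten: URLs assembled by client-side JavaScript, or request bodies of a POST, are outside this filter and need their own handling.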

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US67720705P 2005-05-02 2005-05-02
US60/677,207 2005-05-02
US11/415,794 US20060288220A1 (en) 2005-05-02 2006-05-01 In-line website securing system with HTML processor and link verification
US11/415,794 2006-05-01

Publications (3)

Publication Number Publication Date
WO2006119336A2 (en) 2006-11-09
WO2006119336A3 (en) 2007-08-09
WO2006119336B1 (en) 2007-09-27

Family

ID=37308656

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/016925 WO2006119336A2 (en) 2005-05-02 2006-05-02 In-line website securing system with html processor and link verification

Country Status (2)

Country Link
US (1) US20060288220A1 (en)
WO (1) WO2006119336A2 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8161538B2 (en) * 2004-09-13 2012-04-17 Cisco Technology, Inc. Stateful application firewall
US8650214B1 (en) * 2005-05-03 2014-02-11 Symantec Corporation Dynamic frame buster injection
US8819049B1 (en) 2005-06-01 2014-08-26 Symantec Corporation Frame injection blocking
US7734722B2 (en) * 2005-06-02 2010-06-08 Genius.Com Incorporated Deep clickflow tracking
US8996715B2 (en) * 2006-06-23 2015-03-31 International Business Machines Corporation Application firewall validation bypass for impromptu components
US8060916B2 (en) * 2006-11-06 2011-11-15 Symantec Corporation System and method for website authentication using a shared secret
US8613096B2 (en) * 2007-11-30 2013-12-17 Microsoft Corporation Automatic data patch generation for unknown vulnerabilities
US20090144828A1 (en) * 2007-12-04 2009-06-04 Microsoft Corporation Rapid signatures for protecting vulnerable browser configurations
EP2144420B1 (en) * 2008-07-07 2011-06-22 Barracuda Networks AG Web application security filtering
US8266687B2 (en) * 2009-03-27 2012-09-11 Sophos Plc Discovery of the use of anonymizing proxies by analysis of HTTP cookies
US20120117455A1 (en) * 2010-11-08 2012-05-10 Kwift SAS (a French corporation) Anthropomimetic analysis engine for analyzing online forms to determine user view-based web page semantics
US20130019314A1 (en) * 2011-07-14 2013-01-17 International Business Machines Corporation Interactive virtual patching using a web application server firewall
US8862868B2 (en) 2012-12-06 2014-10-14 Airwatch, Llc Systems and methods for controlling email access
US8826432B2 (en) * 2012-12-06 2014-09-02 Airwatch, Llc Systems and methods for controlling email access
US9787686B2 (en) 2013-04-12 2017-10-10 Airwatch Llc On-demand security policy activation
US9231915B2 (en) 2013-10-29 2016-01-05 A 10 Networks, Incorporated Method and apparatus for optimizing hypertext transfer protocol (HTTP) uniform resource locator (URL) filtering
CN104935551B (en) * 2014-03-18 2018-09-04 杭州迪普科技股份有限公司 Web page tamper-proofing device and method
GB2524497A (en) * 2014-03-24 2015-09-30 Vodafone Ip Licensing Ltd User equipment proximity requests
CN104301302B (en) * 2014-09-12 2017-09-19 深信服网络科技(深圳)有限公司 Unauthorized-access (privilege overreach) attack detection method and device
CN108712430A (en) * 2018-05-24 2018-10-26 网宿科技股份有限公司 Method and apparatus for sending a form request
US10965659B2 (en) * 2018-11-09 2021-03-30 International Business Machines Corporation Real-time cookie format validation and notification
CN110034922B (en) * 2019-04-22 2022-09-20 湖南快乐阳光互动娱乐传媒有限公司 Request processing method, processing device, request verification method and verification device
US11356275B2 (en) * 2020-05-27 2022-06-07 International Business Machines Corporation Electronically verifying a process flow

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6351811B1 (en) * 1999-04-22 2002-02-26 Adapt Network Security, L.L.C. Systems and methods for preventing transmission of compromised data in a computer network
US20040199762A1 (en) * 2003-04-03 2004-10-07 International Business Machines Corporation Method and system for dynamic encryption of a URL
US20050021972A1 (en) * 1999-04-15 2005-01-27 Gilian Technologies Ltd. Data quality assurance

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020112162A1 (en) * 2001-02-13 2002-08-15 Cocotis Thomas Andrew Authentication and verification of Web page content
US20030051142A1 (en) * 2001-05-16 2003-03-13 Hidalgo Lluis Mora Firewalls for providing security in HTTP networks and applications
US7100049B2 (en) * 2002-05-10 2006-08-29 Rsa Security Inc. Method and apparatus for authentication of users and web sites
US20060005237A1 (en) * 2003-01-30 2006-01-05 Hiroshi Kobata Securing computer network communication using a proxy server
US7395428B2 (en) * 2003-07-01 2008-07-01 Microsoft Corporation Delegating certificate validation

Also Published As

Publication number Publication date
WO2006119336A2 (en) 2006-11-09
US20060288220A1 (en) 2006-12-21
WO2006119336B1 (en) 2007-09-27

Similar Documents

Publication Publication Date Title
WO2006119336A3 (en) In-line website securing system with html processor and link verification
CN107209830B (en) Method for identifying and resisting network attack
EP3095225B1 (en) Redirect to inspection proxy using single-sign-on bootstrapping
JP6367375B2 (en) System and method for secure communication over a network using linking addresses
EP2005698B1 (en) Method for providing web application security
US11126749B2 (en) Apparatus and method for securing web application server source code
CN102624729B (en) Web authentication method, device and system
PH12019501854A1 (en) Trusted login method, server, and system
WO2016006520A1 (en) Detection device, detection method and detection program
US20100071048A1 (en) Service binding
US20140373138A1 (en) Method and apparatus for preventing distributed denial of service attack
US20170359349A1 (en) Method and apparatus for causing a delay in processing requests for internet resources received from client devices
WO2010011731A3 (en) Methods and systems for secure key entry via communication networks
Shulman et al. Towards security of internet naming infrastructure
WO2008124515A3 (en) A system and method for binding a subscription-based computing system to an internet service provider
WO2006097397A3 (en) Single login systems and methods.
CN103023869B (en) Malicious attack prevention method and browser
Al‐Hammouri et al. ReCAP: a distributed CAPTCHA service at the edge of the network to handle server overload
US10218805B2 (en) Method and apparatus for causing delay in processing requests for internet resources received from client devices
WO2007078037A1 (en) Web page protection method employing security appliance and set-top box having the security appliance built therein
Hollenbeck et al. Security Services for the Registration Data Access Protocol (RDAP)
US20180324211A1 (en) System and method for prevening denial of service attacks
Pansa et al. Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol
de los Santos et al. Implementation state of HSTS and HPKP in both browsers and servers
JP2010250791A (en) Web security management device and method for monitoring communication between web server and client

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase (Ref country code: DE)
NENP Non-entry into the national phase (Ref country code: RU)
122 Ep: pct application non-entry in european phase (Ref document number: 06758970; Country of ref document: EP; Kind code of ref document: A2)