-
Publication number: US20110154473A1
Publication date: 2011-06-23
Application number: US12645924
Filing date: 2009-12-23
Applicants: Craig Anderson, Anoop Reddy, Yariv Keinan
Inventors: Craig Anderson, Anoop Reddy, Yariv Keinan
CPC classification: G06F21/64, G06F2221/2119, H04L63/0209, H04L63/0272, H04L63/08, H04L63/1466, H04L63/1483
Abstract: The present solution described herein is directed towards systems and methods to prevent cross-site request forgeries based on web form verification using unique identifiers. The present solution tags each form that a server serves out in a response with a unique and unpredictable identifier. When the form is posted, the present solution enforces that the identifier being returned is the same as the one that was served out to the user. This prevents malicious, unauthorized third-party users from submitting a form on a user's behalf, since they cannot guess the value of the unique identifier that was inserted.
-
Publication number: US20110154472A1
Publication date: 2011-06-23
Application number: US12645913
Filing date: 2009-12-23
Applicants: Craig Anderson, Anoop Reddy, Yariv Keinan
Inventors: Craig Anderson, Anoop Reddy, Yariv Keinan
CPC classification: H04L63/1408, H04L63/0272, H04L63/1441, H04L63/166
Abstract: Described herein is a method and system for prevention of personal computing attacks, such as JavaScript Object Notation (JSON) attacks. An intermediary device is deployed between a plurality of clients and servers. A firewall executes on the intermediary device. A client sends a request to the server, and the server sends a response to the request. The intermediary device intercepts the response and identifies that the response may contain harmful content. The application firewall parses the content of the response and determines whether it contains any harmful content. If it does, the application firewall blocks the response from being sent to its destination. Additionally, the method and system can provide other security checks, such as content hijacking protection and data validation.
-
Publication number: US08640216B2
Publication date: 2014-01-28
Application number: US12645924
Filing date: 2009-12-23
Applicants: Craig Anderson, Anoop Reddy, Yariv Keinan
Inventors: Craig Anderson, Anoop Reddy, Yariv Keinan
CPC classification: G06F21/64, G06F2221/2119, H04L63/0209, H04L63/0272, H04L63/08, H04L63/1466, H04L63/1483
Abstract: The present solution described herein is directed towards systems and methods to prevent cross-site request forgeries based on web form verification using unique identifiers. The present solution tags each form that a server serves out in a response with a unique and unpredictable identifier. When the form is posted, the present solution enforces that the identifier being returned is the same as the one that was served out to the user. This prevents malicious, unauthorized third-party users from submitting a form on a user's behalf, since they cannot guess the value of the unique identifier that was inserted.
-
Publication number: US09094435B2
Publication date: 2015-07-28
Application number: US12645913
Filing date: 2009-12-23
Applicants: Craig Anderson, Anoop Reddy, Yariv Keinan
Inventors: Craig Anderson, Anoop Reddy, Yariv Keinan
CPC classification: H04L63/1408, H04L63/0272, H04L63/1441, H04L63/166
Abstract: Described herein is a method and system for prevention of personal computing attacks, such as JavaScript Object Notation (JSON) attacks. An intermediary device is deployed between a plurality of clients and servers. A firewall executes on the intermediary device. A client sends a request to the server, and the server sends a response to the request. The intermediary device intercepts the response and identifies that the response may contain harmful content. The application firewall parses the content of the response and determines whether it contains any harmful content. If it does, the application firewall blocks the response from being sent to its destination. Additionally, the method and system can provide other security checks, such as content hijacking protection and data validation.