公开(公告)号：US07934253B2

公开(公告)日：2011-04-26

申请号：US11532060

申请日：2006-09-14

申请人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F11/00

CPC分类号： H04L63/1425 ,  G06F21/55 ,  H04L63/20

摘要： A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat.

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 所描述的技术提供了一种企业级的方法来防止基于Web的应用程序的攻击。 企业内的个人计算机网络监控网络流量，以识别异常流量。 通过在与应用程序交互时将流量与可接受用户流量的配置文件进行比较，可以识别异常流量。 在个别计算机网络上识别的异常流量或安全事件被传送给中央安全管理员。 中央安全经理将各个计算机网络上的安全事件相关联，以确定是否存在企业级的安全威胁。 然后，中央安全经理可以向各个计算机网络传达指令，从而为威胁提供企业级的解决方案。

公开(公告)号：US08180886B2

公开(公告)日：2012-05-15

申请号：US12270635

申请日：2008-11-13

申请人： Kevin Overcash ,  Doron Kolton ,  Rami Mizrahi

发明人： Kevin Overcash ,  Doron Kolton ,  Rami Mizrahi

IPC分类号： G06F15/16

CPC分类号： H04L63/1425 ,  H04L41/142 ,  H04L43/16

摘要： In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.

摘要翻译： 在一个实施例中，描述了用于保护网络应用的方法。 用于保护网络应用的方法包括在网络应用内接收网络信息，并将概率值分配给网络信息的独立方面。 概率值是基于信息的独立方面对可接受行为概况的验证。 用于保护网络应用的方法还包括聚合网络信息的独立方面的概率值以确定整个网络业务的概率。 此外，用于确保网络应用的方法包括确定整个网络信息的概率值是否高于或低于阈值概率值。 基于整个消息的概率值相对于阈值概率值来筛选整个网络信息。

公开(公告)号：US20080047009A1

公开(公告)日：2008-02-21

申请号：US11458965

申请日：2006-07-20

申请人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron (Njtzan) ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikat ,  Rami Mizrahi ,  Galit Efron (Njtzan) ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F12/14

CPC分类号： H04L63/0209 ,  H04L63/1408 ,  H04L63/166

摘要： A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 Web应用程序安全系统包括在计算机网络内以监视从诸如因特网的广域网接收的流量，并确定是否存在对Web应用程序的威胁。 Web应用程序安全系统以非内联配置监视Web流量，并根据识别应用程序用户可接受行为的配置文件识别任何异常流量。 分析任何异常流量，并采取适当的保护措施来保护Web应用程序免受攻击。

公开(公告)号：US20080034425A1

公开(公告)日：2008-02-07

申请号：US11532060

申请日：2006-09-14

申请人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F11/00

CPC分类号： H04L63/1425 ,  G06F21/55 ,  H04L63/20

摘要： A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 所描述的技术提供了一种企业级的方法来防止基于Web的应用程序的攻击。 企业内的个人计算机网络监控网络流量，以识别异常流量。 通过在与应用程序交互时将流量与可接受用户流量的配置文件进行比较，可以识别异常流量。 在个别计算机网络上识别的异常流量或安全事件被传送给中央安全管理员。 中央安全经理将各个计算机网络上的安全事件相关联，以确定是否存在企业级的安全威胁。 然后，中央安全经理可以向各个计算机网络传达指令，从而为威胁提供企业级的解决方案

公开(公告)号：US20090138592A1

公开(公告)日：2009-05-28

申请号：US12270635

申请日：2008-11-13

申请人： Kevin Overcash ,  Doron Kolton ,  Rami Mizrahi

发明人： Kevin Overcash ,  Doron Kolton ,  Rami Mizrahi

IPC分类号： G06F15/173

CPC分类号： H04L63/1425 ,  H04L41/142 ,  H04L43/16

摘要： In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.

摘要翻译： 在一个实施例中，描述了用于保护网络应用的方法。 用于保护网络应用的方法包括在网络应用内接收网络信息，并将概率值分配给网络信息的独立方面。 概率值是基于信息的独立方面对可接受行为概况的验证。 用于保护网络应用的方法还包括聚合网络信息的独立方面的概率值以确定整个网络业务的概率。 此外，用于确保网络应用的方法包括确定整个网络信息的概率值是否高于或低于阈值概率值。 基于整个消息的概率值相对于阈值概率值来筛选整个网络信息。

公开(公告)号：US20080034424A1

公开(公告)日：2008-02-07

申请号：US11532058

申请日：2006-09-14

申请人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

发明人： Kevin Overcash ,  Kate Delikate ,  Rami Mizrahi ,  Galit Efron ,  Doron Kolton ,  Asaf Wexler ,  Netta Gavrieli ,  Yoram Zahavi

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  G06F21/55 ,  H04L63/102

摘要： A system and method for protection of Web based applications are described. An agent is included in a web server such that traffic is routed through the agent. A security module is also in communication with the agent. The agent receives information about the application profile, and patterns of acceptable traffic behavior, from the security module. The agent acts as a gatekeeper, holding up suspicious traffic that does not match the pattern of acceptable traffic behavior until the suspicious traffic has been analyzed by the security module. Using the agent, malicious traffic can dropped before it can reach the application, or the user can be logged out, or both.

摘要翻译： 描述了一种用于保护基于Web的应用程序的系统和方法。 代理被包括在web服务器中，使得流量通过代理路由。 安全模块也与代理通信。 代理从安全模块接收有关应用程序配置文件的信息和可接受流量行为的模式。 该代理充当网守，阻止可疑流量与可接受的流量行为模式不匹配，直到安全模块分析了可疑流量。 使用代理程序，恶意流量可能会在到达应用程序之前丢弃，或者用户可以注销，或两者兼而有之。

公开(公告)号：US20090100518A1

公开(公告)日：2009-04-16

申请号：US12234303

申请日：2008-09-19

申请人： Kevin Overcash

发明人： Kevin Overcash

IPC分类号： G06F11/30 ,  G08B25/00

CPC分类号： H04L63/1433 ,  G06F21/552 ,  G06F21/554

摘要： A system and method for detecting vulnerabilities in a deployed web application includes developing a profile of acceptable behavior for inbound communication and outbound communication of a web application. The method also includes receiving a current inbound communication and a current outbound communication from the web application. The current inbound communication includes an inbound user request and the current outbound communication is in response to the current inbound communication. The current inbound communication and the current outbound communication are validated with the profile of acceptable behavior to identify an anomaly. The identified anomaly includes an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.

摘要翻译： 用于检测已部署的Web应用程序中的漏洞的系统和方法包括开发用于入站通信和web应用的出站通信的可接受行为的简档。 该方法还包括从web应用接收当前入站通信和当前出站通信。 当前的入站通信包括入站用户请求，并且当前出站通信是响应于当前的入站通信。 当前的入站通信和当前的出站通信通过可接受的行为来识别异常。 所识别的异常包括当前入站通信的可接受行为的发生以及当前出站通信的不可接受行为的发生。