公开(公告)号：US20220272127A1

公开(公告)日：2022-08-25

申请号：US17386870

申请日：2021-07-28

申请人： Tala Security, Inc.

发明人： Siddhesh Shripad Yawalkar ,  Hemant Puri ,  Nicholas Maxwell ,  Sandeep Bhatkar ,  Nhan Nyugen ,  Anindita Bhattacharjee

IPC分类号： H04L29/06

摘要： Techniques to facilitate automatic insertion of security policies for web applications are disclosed herein. In at least one implementation, security configuration information for a web application is received. A web request for a web resource is received and processed to determine an HTTP security header for insertion into a web response to the web request based on properties of the web request. The web response is intercepted and the HTTP security header is inserted into the web response to generate a modified web response. The web response is processed to determine a security enhancement to apply to the web resource based on the security configuration information. The security enhancement is applied to the web resource to generate a modified web resource. The modified web response and the modified web resource are provided to a client application in response to the web request for the web resource.