ATE540515T1 - Verfahren zur bereitstellung von webanwendungssicherheit - Google Patents

Verfahren zur bereitstellung von webanwendungssicherheit

Info

Publication number
ATE540515T1
ATE540515T1 AT07724163T AT07724163T ATE540515T1 AT E540515 T1 ATE540515 T1 AT E540515T1 AT 07724163 T AT07724163 T AT 07724163T AT 07724163 T AT07724163 T AT 07724163T AT E540515 T1 ATE540515 T1 AT E540515T1
Authority
AT
Austria
Prior art keywords
http request
remote client
http
web application
application security
Prior art date
Application number
AT07724163T
Other languages
English (en)
Inventor
Alexander Meisel
Original Assignee
Art Of Defence Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Art Of Defence Gmbh filed Critical Art Of Defence Gmbh
Application granted granted Critical
Publication of ATE540515T1 publication Critical patent/ATE540515T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1475Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
AT07724163T 2006-04-13 2007-04-11 Verfahren zur bereitstellung von webanwendungssicherheit ATE540515T1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP06007879 2006-04-13
PCT/EP2007/003222 WO2007118657A1 (en) 2006-04-13 2007-04-11 Method for providing web application security

Publications (1)

Publication Number Publication Date
ATE540515T1 true ATE540515T1 (de) 2012-01-15

Family

ID=38445977

Family Applications (1)

Application Number Title Priority Date Filing Date
AT07724163T ATE540515T1 (de) 2006-04-13 2007-04-11 Verfahren zur bereitstellung von webanwendungssicherheit

Country Status (6)

Country Link
US (1) US20090292925A1 (de)
EP (1) EP2005698B1 (de)
AT (1) ATE540515T1 (de)
CA (1) CA2648997A1 (de)
IL (1) IL193975A (de)
WO (1) WO2007118657A1 (de)

Families Citing this family (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7162035B1 (en) 2000-05-24 2007-01-09 Tracer Detection Technology Corp. Authentication method and system
US8171567B1 (en) 2002-09-04 2012-05-01 Tracer Detection Technology Corp. Authentication method and system
US20070245422A1 (en) * 2006-04-18 2007-10-18 Softrun, Inc. Phishing-Prevention Method Through Analysis of Internet Website to be Accessed and Storage Medium Storing Computer Program Source for Executing the Same
US7827311B2 (en) * 2007-05-09 2010-11-02 Symantec Corporation Client side protection against drive-by pharming via referrer checking
SG183697A1 (en) * 2007-08-06 2012-09-27 Monseignat Bernard De System and method for authentication, data transfer, and protection against phishing
US8315951B2 (en) * 2007-11-01 2012-11-20 Alcatel Lucent Identity verification for secure e-commerce transactions
US8091118B2 (en) * 2007-12-21 2012-01-03 At & T Intellectual Property I, Lp Method and system to optimize efficiency when managing lists of untrusted network sites
US7995196B1 (en) 2008-04-23 2011-08-09 Tracer Detection Technology Corp. Authentication method and system
US9059979B2 (en) * 2009-02-27 2015-06-16 Blackberry Limited Cookie verification methods and apparatus for use in providing application services to communication devices
US9049247B2 (en) 2010-04-01 2015-06-02 Cloudfare, Inc. Internet-based proxy service for responding to server offline errors
US10102301B2 (en) 2010-04-01 2018-10-16 Cloudflare, Inc. Internet-based proxy security services
US8448231B2 (en) * 2010-10-05 2013-05-21 Guest Tek Interactive Entertainment Ltd. Walled garden system for providing access to one or more websites that incorporate content from other websites and method thereof
CN102480490B (zh) * 2010-11-30 2014-09-24 国际商业机器公司 一种用于防止csrf攻击的方法和设备
US8370914B2 (en) * 2010-12-15 2013-02-05 Microsoft Corporation Transition from WS-Federation passive profile to active profile
EP2498206A1 (de) * 2011-03-10 2012-09-12 Adalbert Gubo Verfahren und Vorrichtung zur Kontrolle von Mehrschrittprozessen
US8285808B1 (en) 2011-05-20 2012-10-09 Cloudflare, Inc. Loading of web resources
WO2013009713A2 (en) * 2011-07-08 2013-01-17 Uab Research Foundation Syntactical fingerprinting
CN103729768B (zh) * 2012-10-15 2018-10-19 北京京东尚科信息技术有限公司 一种电子交易信息处理方法和装置
US8996855B2 (en) * 2012-11-14 2015-03-31 Blackberry Limited HTTP layer countermeasures against blockwise chosen boundary attack
US8966637B2 (en) 2013-02-08 2015-02-24 PhishMe, Inc. Performance benchmarking for simulated phishing attacks
US9356948B2 (en) 2013-02-08 2016-05-31 PhishMe, Inc. Collaborative phishing attack detection
US9231951B2 (en) * 2013-11-01 2016-01-05 Google Inc. Probabilistically expedited secure connections via connection parameter reuse
US9906539B2 (en) 2015-04-10 2018-02-27 PhishMe, Inc. Suspicious message processing and incident response
US10893009B2 (en) * 2017-02-16 2021-01-12 eTorch Inc. Email fraud prevention
CN107528811A (zh) * 2016-06-21 2017-12-29 中兴通讯股份有限公司 请求的响应方法及装置
RU2649793C2 (ru) 2016-08-03 2018-04-04 ООО "Группа АйБи" Способ и система выявления удаленного подключения при работе на страницах веб-ресурса
US11316895B1 (en) * 2016-10-20 2022-04-26 United Services Automobile Association (Usaa) Method of generating and using credentials to detect the source of account takeovers
RU2671991C2 (ru) * 2016-12-29 2018-11-08 Общество с ограниченной ответственностью "Траст" Система и способ сбора информации для обнаружения фишинга
RU2637477C1 (ru) 2016-12-29 2017-12-04 Общество с ограниченной ответственностью "Траст" Система и способ обнаружения фишинговых веб-страниц
RU2689816C2 (ru) 2017-11-21 2019-05-29 ООО "Группа АйБи" Способ для классифицирования последовательности действий пользователя (варианты)
RU2668710C1 (ru) 2018-01-17 2018-10-02 Общество с ограниченной ответственностью "Группа АйБи ТДС" Вычислительное устройство и способ для обнаружения вредоносных доменных имен в сетевом трафике
RU2680736C1 (ru) 2018-01-17 2019-02-26 Общество с ограниченной ответственностью "Группа АйБи ТДС" Сервер и способ для определения вредоносных файлов в сетевом трафике
RU2677361C1 (ru) 2018-01-17 2019-01-16 Общество с ограниченной ответственностью "Траст" Способ и система децентрализованной идентификации вредоносных программ
RU2676247C1 (ru) 2018-01-17 2018-12-26 Общество С Ограниченной Ответственностью "Группа Айби" Способ и компьютерное устройство для кластеризации веб-ресурсов
RU2677368C1 (ru) 2018-01-17 2019-01-16 Общество С Ограниченной Ответственностью "Группа Айби" Способ и система для автоматического определения нечетких дубликатов видеоконтента
RU2681699C1 (ru) 2018-02-13 2019-03-12 Общество с ограниченной ответственностью "Траст" Способ и сервер для поиска связанных сетевых ресурсов
US10826935B2 (en) 2018-04-24 2020-11-03 International Business Machines Corporation Phishing detection through secure testing implementation
CN110557358A (zh) * 2018-05-31 2019-12-10 武汉安天信息技术有限责任公司 蜜罐服务器通信方法、SSLStrip中间人攻击感知方法及相关装置
US10972481B2 (en) * 2018-06-07 2021-04-06 Sap Se Web application session security
US10992759B2 (en) 2018-06-07 2021-04-27 Sap Se Web application session security with protected session identifiers
RU2708508C1 (ru) 2018-12-17 2019-12-09 Общество с ограниченной ответственностью "Траст" Способ и вычислительное устройство для выявления подозрительных пользователей в системах обмена сообщениями
RU2701040C1 (ru) 2018-12-28 2019-09-24 Общество с ограниченной ответственностью "Траст" Способ и вычислительное устройство для информирования о вредоносных веб-ресурсах
EP3842968B1 (de) 2019-02-27 2024-04-24 "Group IB" Ltd. Verfahren und system zur identifizierung eines benutzers gemäss der tastenanschlagsdynamik
EP3842966B8 (de) 2019-04-10 2026-03-04 Group-Ib Global Private Limited Identifizierung eines benutzers aus der sequenz von auf einer benutzerschnittstelle geöffneten fenstern
US11017064B2 (en) 2019-05-14 2021-05-25 Bank Of America Corporation Authentication using interprogram communication
RU2728498C1 (ru) 2019-12-05 2020-07-29 Общество с ограниченной ответственностью "Группа АйБи ТДС" Способ и система определения принадлежности программного обеспечения по его исходному коду
RU2728497C1 (ru) 2019-12-05 2020-07-29 Общество с ограниченной ответственностью "Группа АйБи ТДС" Способ и система определения принадлежности программного обеспечения по его машинному коду
US12333525B1 (en) * 2019-12-18 2025-06-17 Worldpay, Llc Systems and methods for dynamic application of tokens in credit authorization
RU2743974C1 (ru) 2019-12-19 2021-03-01 Общество с ограниченной ответственностью "Группа АйБи ТДС" Система и способ сканирования защищенности элементов сетевой архитектуры
RU2722693C1 (ru) 2020-01-27 2020-06-03 Общество с ограниченной ответственностью «Группа АйБи ТДС» Способ и система выявления инфраструктуры вредоносной программы или киберзлоумышленника
RU2722692C1 (ru) 2020-02-21 2020-06-03 Общество с ограниченной ответственностью «Группа АйБи ТДС» Способ и система выявления вредоносных файлов в неизолированной среде
SG10202001963TA (en) 2020-03-04 2021-10-28 Group Ib Global Private Ltd System and method for brand protection based on the search results
RU2738344C1 (ru) 2020-03-10 2020-12-11 Общество с ограниченной ответственностью «Группа АйБи ТДС» Способ и система поиска схожих вредоносных программ по результатам их динамического анализа
US11475090B2 (en) 2020-07-15 2022-10-18 Group-Ib Global Private Limited Method and system for identifying clusters of affiliated web resources
RU2743619C1 (ru) 2020-08-06 2021-02-20 Общество с ограниченной ответственностью "Группа АйБи ТДС" Способ и система генерации списка индикаторов компрометации
US11582223B2 (en) 2021-01-07 2023-02-14 Bank Of America Corporation Browser extension for validating communications
US11314841B1 (en) * 2021-01-07 2022-04-26 Bank Of America Corporation Web browser communication validation extension
US11947572B2 (en) 2021-03-29 2024-04-02 Group IB TDS, Ltd Method and system for clustering executable files
NL2030861B1 (en) 2021-06-01 2023-03-14 Trust Ltd System and method for external monitoring a cyberattack surface
RU2769075C1 (ru) 2021-06-10 2022-03-28 Общество с ограниченной ответственностью "Группа АйБи ТДС" Система и способ активного обнаружения вредоносных сетевых ресурсов
NL2031253B1 (en) 2021-08-19 2023-03-24 Group Ib Tds Ltd Computing device and method of detecting compromised network devices based on dns tunneling detection
US20230247081A1 (en) * 2022-01-31 2023-08-03 Salesforce.Com, Inc. Declarative rendering of hypertext transfer protocol headers
US11991207B2 (en) * 2022-03-14 2024-05-21 Bank Of America Corporation Anti-phish, personalized, security token for use with electronic communications
US11991172B2 (en) 2022-03-29 2024-05-21 Bank Of America Corporation Double anti-phish, personalized, security token for use with electronic communications
US12278837B2 (en) * 2022-04-18 2025-04-15 Bank Of America Corporation Anti-phish network for securing electronic communications
US12003646B2 (en) 2022-04-18 2024-06-04 Bank Of America Corporation Storage locations for anti-phish, personalized, security tokens for use with electronic communications

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7954144B1 (en) * 2000-01-18 2011-05-31 Novell, Inc. Brokering state information and identity among user agents, origin servers, and proxies
US8005965B2 (en) * 2001-06-30 2011-08-23 International Business Machines Corporation Method and system for secure server-based session management using single-use HTTP cookies
US20040054898A1 (en) * 2002-08-28 2004-03-18 International Business Machines Corporation Authenticating and communicating verifiable authorization between disparate network domains
US8578462B2 (en) * 2003-12-12 2013-11-05 Avaya Inc. Method and system for secure session management in a web farm
US20060080735A1 (en) * 2004-09-30 2006-04-13 Usa Revco, Llc Methods and systems for phishing detection and notification
US8132242B1 (en) * 2006-02-13 2012-03-06 Juniper Networks, Inc. Automated authentication of software applications using a limited-use token

Also Published As

Publication number Publication date
EP2005698A1 (de) 2008-12-24
WO2007118657A1 (en) 2007-10-25
CA2648997A1 (en) 2007-10-25
IL193975A (en) 2013-11-28
EP2005698B1 (de) 2012-01-04
US20090292925A1 (en) 2009-11-26

Similar Documents

Publication Publication Date Title
ATE540515T1 (de) Verfahren zur bereitstellung von webanwendungssicherheit
DE602007001336D1 (de) Abhängigkeitsmeldung
WO2007138423A3 (en) Method and system for providing remote access to applications
WO2014190337A3 (en) Requesting proximate resources by learning devices
MX2011009172A (es) Aparato, sistema y metodo de ornamento.
WO2006068969A3 (en) Method and device for publishing cross-network user behavioral data
WO2010014539A3 (en) Client device and associated methodology of accessing networked services
RU2014140732A (ru) Способ и система для обеспечения удаленного доступа к состоянию прикладной программы
WO2008106361A3 (en) Hierarchical temporal memory (htm) system deployed as web service
WO2012121846A3 (en) Automatic entry of calendar events
TR201905420T4 (tr) Bir cihazın ve buna karşılık gelen cihazın uzaktan yönetim yöntemi.
EP2472829A8 (de) Verfahren, Systeme und Vorrichtungen zum horizontal skalierbaren, hochverfügbaren dynamischen inhaltsbasierten Routing
MX2009003549A (es) Ejecucion fuera de linea de aplicaciones basadas en web.
WO2009108732A3 (en) Electronic profile development, storage, use and systems for taking action based thereon
CL2007001510A1 (es) Metodos y dispositivos de computacion cliente que permiten delegar credenciales de usuario desde el dispositivo de computacion cliente a un dispositivo de computacion seridor en una red de computacion, eventualmente en una sola conexion, y obtener seguro a recursos del servidor.
WO2013032515A3 (en) Systems and methods for application identification
EP1909462A3 (de) Verfahren zur unterteilten Bereitstellung eines elektronischen Dienstes
FI20070044A7 (fi) Viestintää helpottava järjestely tietoliikennejärjestelmässä
BR112013004094A2 (pt) isim transferível por download.
GB2472169A (en) System and method for providing a system management command
WO2008135620A8 (es) Acceso desde un terminal remoto a la información de un terminal móvil
ATE540519T1 (de) Verfahren und vorrichtung zur gemeinsamen nutzung von verbindungen von gemeinsamem interesse zwischen kommunikationsgeräten
MX2010009898A (es) Alojamiento escalable de soluciones de usuario.
JP2018514102A5 (de)
WO2014186696A3 (en) Managing communications in a multi-client, multi-server environment