WO2008060722A3 - System and method of securing web applications against threats - Google Patents


Publication number
WO2008060722A3
Authority
WO
WIPO (PCT)
Prior art keywords
web application
web
traffic
web applications
applications against
Prior art date
Application number
PCT/US2007/073974
Other languages
French (fr)
Other versions
WO2008060722A2 (en)
Inventor
Kevin Overcash
Kate Delikat
Rami Mizrahi
Nitzan Galit Efron
Doron Kolton
Asaf Wexler
Netta Gavrieli
Yoram Zahavi
Original Assignee
Breach Security Inc
Kevin Overcash
Kate Delikat
Rami Mizrahi
Nitzan Galit Efron
Doron Kolton
Asaf Wexler
Netta Gavrieli
Yoram Zahavi
Priority date
Filing date
Publication date
Application filed by Breach Security Inc, Kevin Overcash, Kate Delikat, Rami Mizrahi, Nitzan Galit Efron, Doron Kolton, Asaf Wexler, Netta Gavrieli, Yoram Zahavi
Priority to EP07868318A (EP2044515A2)
Publication of WO2008060722A2
Publication of WO2008060722A3

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209: Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/166: Implementing security features at a particular protocol layer at the transport layer

Abstract

A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.
Application PCT/US2007/073974, priority date 2006-07-20, filing date 2007-07-20: System and method of securing web applications against threats, WO2008060722A2 (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
EP07868318A (EP2044515A2, en) | 2006-07-20 | 2007-07-20 | System and method of securing networks against application threats

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/458,965 US20080047009A1 (en) 2006-07-20 2006-07-20 System and method of securing networks against applications threats
US11/458,965 2006-07-20

Publications (2)

Publication Number | Publication Date
WO2008060722A2 (en) | 2008-05-22
WO2008060722A3 (en) | 2008-08-14

Family

ID=39102881

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
PCT/US2007/073974 (WO2008060722A2, en) | System and method of securing web applications against threats | 2006-07-20 | 2007-07-20

Country Status (3)

Country Link
US (1) US20080047009A1 (en)
EP (1) EP2044515A2 (en)
WO (1) WO2008060722A2 (en)

Families Citing this family (104)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7673335B1 (en) 2004-07-01 2010-03-02 Novell, Inc. Computer-implemented method and system for security event correlation
US8578480B2 (en) * 2002-03-08 2013-11-05 Mcafee, Inc. Systems and methods for identifying potentially malicious messages
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US8561167B2 (en) * 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US7926113B1 (en) 2003-06-09 2011-04-12 Tenable Network Security, Inc. System and method for managing network vulnerability analysis systems
US7761918B2 (en) * 2004-04-13 2010-07-20 Tenable Network Security, Inc. System and method for scanning a network
US8635690B2 (en) 2004-11-05 2014-01-21 Mcafee, Inc. Reputation based message processing
US7926099B1 (en) * 2005-07-15 2011-04-12 Novell, Inc. Computer-implemented method and system for security event transport using a message bus
US8763113B2 (en) 2005-11-28 2014-06-24 Threatmetrix Pty Ltd Method and system for processing a stream of information from a computer network using node based reputation characteristics
US8141148B2 (en) 2005-11-28 2012-03-20 Threatmetrix Pty Ltd Method and system for tracking machines on a network using fuzzy GUID technology
JP2007183838A (en) * 2006-01-06 2007-07-19 Fujitsu Ltd Query parameter output page discovering program, query parameter output page discovering method, and query parameter output page discovering device
US8676961B2 (en) * 2006-07-27 2014-03-18 Yahoo! Inc. System and method for web destination profiling
US9715675B2 (en) * 2006-08-10 2017-07-25 Oracle International Corporation Event-driven customizable automated workflows for incident remediation
US7904472B1 (en) * 2006-09-18 2011-03-08 Symantec Operating Corporation Scanning application binaries to identify database queries
JP4908131B2 (en) * 2006-09-28 2012-04-04 富士通株式会社 Display processing program, apparatus, and method of non-immediate processing existence possibility
US8176178B2 (en) * 2007-01-29 2012-05-08 Threatmetrix Pty Ltd Method for tracking machines on a network using multivariable fingerprinting of passively available information
US9444839B1 (en) 2006-10-17 2016-09-13 Threatmetrix Pty Ltd Method and system for uniquely identifying a user computer in real time for security violations using a plurality of processing parameters and servers
US7984452B2 (en) 2006-11-10 2011-07-19 Cptn Holdings Llc Event source management using a metadata-driven framework
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
US7779156B2 (en) 2007-01-24 2010-08-17 Mcafee, Inc. Reputation based load balancing
US8179798B2 (en) * 2007-01-24 2012-05-15 Mcafee, Inc. Reputation based connection throttling
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8255999B2 (en) * 2007-05-24 2012-08-28 Microsoft Corporation Anti-virus scanning of partially available content
US20080301796A1 (en) * 2007-05-31 2008-12-04 Microsoft Corporation Adjusting the Levels of Anti-Malware Protection
US8949827B2 (en) * 2007-06-22 2015-02-03 Red Hat, Inc. Tracking a virtual machine
US8191141B2 (en) 2007-06-22 2012-05-29 Red Hat, Inc. Method and system for cloaked observation and remediation of software attacks
US9678803B2 (en) 2007-06-22 2017-06-13 Red Hat, Inc. Migration of network entities to a cloud infrastructure
US9354960B2 (en) 2010-12-27 2016-05-31 Red Hat, Inc. Assigning virtual machines to business application service groups based on ranking of the virtual machines
US8127290B2 (en) * 2007-06-22 2012-02-28 Red Hat, Inc. Method and system for direct insertion of a virtual machine driver
US8336108B2 (en) * 2007-06-22 2012-12-18 Red Hat, Inc. Method and system for collaboration involving enterprise nodes
US8539570B2 (en) 2007-06-22 2013-09-17 Red Hat, Inc. Method for managing a virtual machine
US9569330B2 (en) 2007-06-22 2017-02-14 Red Hat, Inc. Performing dependency analysis on nodes of a business application service group
US8984504B2 (en) * 2007-06-22 2015-03-17 Red Hat, Inc. Method and system for determining a host machine by a virtual machine
US8429748B2 (en) * 2007-06-22 2013-04-23 Red Hat, Inc. Network traffic analysis using a dynamically updating ontological network description
US9495152B2 (en) 2007-06-22 2016-11-15 Red Hat, Inc. Automatic baselining of business application service groups comprised of virtual machines
US9727440B2 (en) 2007-06-22 2017-08-08 Red Hat, Inc. Automatic simulation of virtual machine performance
EP2201457A2 (en) * 2007-10-18 2010-06-30 Neustar, Inc. System and method for sharing web performance monitoring data
US9843596B1 (en) * 2007-11-02 2017-12-12 ThetaRay Ltd. Anomaly detection in dynamically evolving data and systems
US8185930B2 (en) 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
US8331240B2 (en) * 2007-11-08 2012-12-11 Harris Corporation Promiscuous monitoring using internet protocol enabled devices
US8589503B2 (en) * 2008-04-04 2013-11-19 Mcafee, Inc. Prioritizing network traffic
US8185488B2 (en) 2008-04-17 2012-05-22 Emc Corporation System and method for correlating events in a pluggable correlation architecture
CN101674293B (en) * 2008-09-11 2013-04-03 阿里巴巴集团控股有限公司 Method and system for processing abnormal request in distributed application
US8769684B2 (en) * 2008-12-02 2014-07-01 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for masquerade attack detection by monitoring computer user behavior
WO2010088550A2 (en) * 2009-01-29 2010-08-05 Breach Security, Inc. A method and apparatus for excessive access rate detection
US10057285B2 (en) * 2009-01-30 2018-08-21 Oracle International Corporation System and method for auditing governance, risk, and compliance using a pluggable correlation architecture
US20100199345A1 (en) * 2009-02-04 2010-08-05 Breach Security, Inc. Method and System for Providing Remote Protection of Web Servers
US8490187B2 (en) 2009-03-20 2013-07-16 Microsoft Corporation Controlling malicious activity detection using behavioral models
US9231964B2 (en) * 2009-04-14 2016-01-05 Microsoft Corporation Vulnerability detection based on aggregated primitives
US8418227B2 (en) * 2009-08-21 2013-04-09 Verizon Patent And Licensing, Inc. Keystroke logger for Unix-based systems
US8789204B2 (en) * 2009-12-22 2014-07-22 Nokia Corporation Method and apparatus for secure cross-site scripting
US8528091B2 (en) 2009-12-31 2013-09-03 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for detecting covert malware
US8438270B2 (en) * 2010-01-26 2013-05-07 Tenable Network Security, Inc. System and method for correlating network identities and addresses
US8302198B2 (en) 2010-01-28 2012-10-30 Tenable Network Security, Inc. System and method for enabling remote registry service security audits
US8707440B2 (en) * 2010-03-22 2014-04-22 Tenable Network Security, Inc. System and method for passively identifying encrypted and interactive network sessions
US8549650B2 (en) 2010-05-06 2013-10-01 Tenable Network Security, Inc. System and method for three-dimensional visualization of vulnerability and asset data
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
WO2012041385A1 (en) * 2010-09-30 2012-04-05 Hewlett-Packard Development Company, L P Virtual machines for virus scanning
RU2449348C1 (en) 2010-11-01 2012-04-27 Закрытое акционерное общество "Лаборатория Касперского" System and method for virus-checking data downloaded from network at server side
US8578487B2 (en) 2010-11-04 2013-11-05 Cylance Inc. System and method for internet security
RU2454714C1 (en) * 2010-12-30 2012-06-27 Закрытое акционерное общество "Лаборатория Касперского" System and method of increasing efficiency of detecting unknown harmful objects
US8800033B2 (en) * 2011-05-26 2014-08-05 International Business Machines Corporation Rotation of web site content to prevent E-mail spam/phishing attacks
US9116717B2 (en) 2011-05-27 2015-08-25 Cylance Inc. Run-time interception of software methods
US9032529B2 (en) * 2011-11-30 2015-05-12 International Business Machines Corporation Detecting vulnerabilities in web applications
US9030562B2 (en) 2011-12-02 2015-05-12 Robert Bosch Gmbh Use of a two- or three-dimensional barcode as a diagnostic device and a security device
US9367707B2 (en) 2012-02-23 2016-06-14 Tenable Network Security, Inc. System and method for using file hashes to track data leakage and document propagation in a network
US9298494B2 (en) 2012-05-14 2016-03-29 Qualcomm Incorporated Collaborative learning for efficient behavioral analysis in networked mobile device
US9324034B2 (en) 2012-05-14 2016-04-26 Qualcomm Incorporated On-device real-time behavior analyzer
US9609456B2 (en) 2012-05-14 2017-03-28 Qualcomm Incorporated Methods, devices, and systems for communicating behavioral analysis information
US9690635B2 (en) 2012-05-14 2017-06-27 Qualcomm Incorporated Communicating behavior information in a mobile computing device
US9202047B2 (en) 2012-05-14 2015-12-01 Qualcomm Incorporated System, apparatus, and method for adaptive observation of mobile device behavior
US20150205463A1 (en) * 2012-06-26 2015-07-23 Google Inc. Method for storing form data
US9043920B2 (en) 2012-06-27 2015-05-26 Tenable Network Security, Inc. System and method for identifying exploitable weak points in a network
US9088606B2 (en) 2012-07-05 2015-07-21 Tenable Network Security, Inc. System and method for strategic anti-malware monitoring
US9747440B2 (en) 2012-08-15 2017-08-29 Qualcomm Incorporated On-line behavioral analysis engine in mobile device with multiple analyzer model providers
US9495537B2 (en) 2012-08-15 2016-11-15 Qualcomm Incorporated Adaptive observation of behavioral features on a mobile device
US9330257B2 (en) 2012-08-15 2016-05-03 Qualcomm Incorporated Adaptive observation of behavioral features on a mobile device
US9319897B2 (en) 2012-08-15 2016-04-19 Qualcomm Incorporated Secure behavior analysis over trusted execution environment
US10089582B2 (en) 2013-01-02 2018-10-02 Qualcomm Incorporated Using normalized confidence values for classifying mobile device behaviors
US9686023B2 (en) 2013-01-02 2017-06-20 Qualcomm Incorporated Methods and systems of dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors
US9684870B2 (en) 2013-01-02 2017-06-20 Qualcomm Incorporated Methods and systems of using boosted decision stumps and joint feature selection and culling algorithms for the efficient classification of mobile device behaviors
US9742559B2 (en) 2013-01-22 2017-08-22 Qualcomm Incorporated Inter-module authentication for securing application execution integrity within a computing device
US9491187B2 (en) 2013-02-15 2016-11-08 Qualcomm Incorporated APIs for obtaining device-specific behavior classifier models from the cloud
US20140259169A1 (en) * 2013-03-11 2014-09-11 Hewlett-Packard Development Company, L.P. Virtual machines
US9467464B2 (en) 2013-03-15 2016-10-11 Tenable Network Security, Inc. System and method for correlating log data to discover network vulnerabilities and assets
US9852290B1 (en) 2013-07-12 2017-12-26 The Boeing Company Systems and methods of analyzing a software component
US9280369B1 (en) 2013-07-12 2016-03-08 The Boeing Company Systems and methods of analyzing a software component
US9336025B2 (en) 2013-07-12 2016-05-10 The Boeing Company Systems and methods of analyzing a software component
US9396082B2 (en) 2013-07-12 2016-07-19 The Boeing Company Systems and methods of analyzing a software component
US9479521B2 (en) 2013-09-30 2016-10-25 The Boeing Company Software network behavior analysis and identification system
US9298597B2 (en) 2014-06-17 2016-03-29 International Business Machines Corporation Automated testing of websites based on mode
US9301126B2 (en) 2014-06-20 2016-03-29 Vodafone Ip Licensing Limited Determining multiple users of a network enabled device
US10230742B2 (en) 2015-01-30 2019-03-12 Anomali Incorporated Space and time efficient threat detection
EP3251047B1 (en) * 2015-01-30 2021-06-02 Micro Focus LLC Protection against database injection attacks
US9680646B2 (en) * 2015-02-05 2017-06-13 Apple Inc. Relay service for communication between controllers and accessories
US10021123B2 (en) * 2015-06-29 2018-07-10 Qualcomm Incorporated Customized network traffic models to detect application anomalies
US9641544B1 (en) * 2015-09-18 2017-05-02 Palo Alto Networks, Inc. Automated insider threat prevention
US10462173B1 (en) * 2016-06-30 2019-10-29 Fireeye, Inc. Malware detection verification and enhancement by coordinating endpoint and malware detection systems
US10298605B2 (en) 2016-11-16 2019-05-21 Red Hat, Inc. Multi-tenant cloud security threat detection
US11194915B2 (en) 2017-04-14 2021-12-07 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for testing insider threat detection systems
US10855656B2 (en) 2017-09-15 2020-12-01 Palo Alto Networks, Inc. Fine-grained firewall policy enforcement using session app ID and endpoint process ID correlation
US10931637B2 (en) 2017-09-15 2021-02-23 Palo Alto Networks, Inc. Outbound/inbound lateral traffic punting based on process risk
WO2021149119A1 (en) * 2020-01-20 2021-07-29 日本電信電話株式会社 Estimation system and estimation program
US20230224275A1 (en) * 2022-01-12 2023-07-13 Bank Of America Corporation Preemptive threat detection for an information system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060259973A1 (en) * 2005-05-16 2006-11-16 S.P.I. Dynamics Incorporated Secure web application development environment
US20060282897A1 (en) * 2005-05-16 2006-12-14 Caleb Sima Secure web application development and execution environment

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6574661B1 (en) * 1997-09-26 2003-06-03 Mci Communications Corporation Integrated proxy interface for web based telecommunication toll-free network management using a network manager for downloading a call routing tree to client
US6351811B1 (en) * 1999-04-22 2002-02-26 Adapt Network Security, L.L.C. Systems and methods for preventing transmission of compromised data in a computer network
US6701362B1 (en) * 2000-02-23 2004-03-02 Purpleyogi.Com Inc. Method for creating user profiles
US7159237B2 (en) * 2000-03-16 2007-01-02 Counterpane Internet Security, Inc. Method and system for dynamic network intrusion monitoring, detection and response
AU3054102A (en) * 2000-11-30 2002-06-11 Lancope Inc Flow-based detection of network intrusions
EP1368726A4 (en) * 2001-02-06 2005-04-06 En Garde Systems Apparatus and method for providing secure network communication
US7313822B2 (en) * 2001-03-16 2007-12-25 Protegrity Corporation Application-layer security method and system
US20030084323A1 (en) * 2001-10-31 2003-05-01 Gales George S. Network intrusion detection system and method
US7752665B1 (en) * 2002-07-12 2010-07-06 TCS Commercial, Inc. Detecting probes and scans over high-bandwidth, long-term, incomplete network traffic information using limited memory
US7313092B2 (en) * 2002-09-30 2007-12-25 Lucent Technologies Inc. Apparatus and method for an overload control procedure against denial of service attack
US7788722B1 (en) * 2002-12-02 2010-08-31 Arcsight, Inc. Modular agent for network security intrusion detection system
US7412539B2 (en) * 2002-12-18 2008-08-12 Sonicwall, Inc. Method and apparatus for resource locator identifier rewrite
US20040143749A1 (en) * 2003-01-16 2004-07-22 Platformlogic, Inc. Behavior-based host-based intrusion prevention system
US20040199818A1 (en) * 2003-03-31 2004-10-07 Microsoft Corp. Automated testing of web services
US20050203881A1 (en) * 2004-03-09 2005-09-15 Akio Sakamoto Database user behavior monitor system and method
US8458793B2 (en) * 2004-07-13 2013-06-04 International Business Machines Corporation Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems
WO2006044798A2 (en) * 2004-10-15 2006-04-27 Protegrity Corporation Cooperative processing and escalation in a multi-node application-layer security system and method
US20060200572A1 (en) * 2005-03-07 2006-09-07 Check Point Software Technologies Ltd. Scan by data direction
JP2007004685A (en) * 2005-06-27 2007-01-11 Hitachi Ltd Communication information monitoring device
US7752274B2 (en) * 2006-04-03 2010-07-06 International Business Machines Corporation Apparatus and method for filtering and selectively inspecting e-mail

Also Published As

Publication number Publication date
WO2008060722A2 (en) 2008-05-22
US20080047009A1 (en) 2008-02-21
EP2044515A2 (en) 2009-04-08

Similar Documents

Publication Publication Date Title
WO2008060722A3 (en) System and method of securing web applications against threats
Harrop et al. Cyber resilience: A review of critical national infrastructure and cyber security protection measures applied in the UK and USA
WO2010091186A3 (en) Method and system for providing remote protection of web servers
WO2009134900A3 (en) Trusted network interface
WO2006094228A3 (en) Implementing trust policies
WO2008011576A3 (en) System and method of securing web applications across an enterprise
WO2009134906A3 (en) Network security appliance
GB2438133A (en) A multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
WO2007120313A3 (en) Insider attack defense for network client validation of network management frames
WO2011112469A3 (en) Behavior-based security system
WO2008077150A3 (en) Secure service computation
WO2011162848A3 (en) System and method for providing impact modeling and prediction of attacks on cyber targets
WO2008065341A3 (en) Distributed network system
WO2011072289A3 (en) Cloud-based firewall system and service
SG168497A1 (en) Browser preview
WO2009122306A3 (en) Method for mitigating the unauthorized use of a device
WO2006127012A3 (en) Packet sampling flow-based detection of network intrusions
WO2009122291A3 (en) Method for mitigating the unauthorized use of a device
WO2006076273A3 (en) Integrated firewall, ips, and virus scanner system and method
WO2010132860A3 (en) Systems and methods for computer security employing virtual computer systems
WO2011109766A3 (en) Input parameter filtering for web application security
CN108259472A (en) Dynamic joint defence mechanism based on attack analysis realizes system and method
WO2008150786A3 (en) Method and system for network protection against cyber attacks
Hunter Hardware-based security: FPGA-based devices
WO2007125402A3 (en) A method for protecting local servers from denial-of-service attacks

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 07868318
    Country of ref document: EP
    Kind code of ref document: A2

WWE WIPO information: entry into national phase
    Ref document number: 2007868318
    Country of ref document: EP

NENP Non-entry into the national phase
    Ref country code: DE

NENP Non-entry into the national phase
    Ref country code: RU