Securing web page content

US 10,033,755 B2
Filed: 10/23/2017
Issued: 07/24/2018
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a memory; and

one or more physical processors coupled to the memory and configured to;

receiving a source code that is requested by a client device;

processing the source code to identify one or more security vulnerabilities including identification of an unsecure channel corresponding to a resource identified by the source code;

wherein processing the source code includes identifying a first reference in the source code to the resource to retrieve the resource via the unsecure channel;

determine whether one or more modifications to the source code would result in the resource being undeliverable to the client device;

modifying, responsive to processing the source code, the source code thereby generating a modified code, to access the resource via a secure channel;

wherein modifying the source code includes removing the first reference to the resource, adding a second reference to the resource specifying a security directive requiring use of the secure channel by a browser on the client device, and causing the resource to be hosted on a secure server or domain;

transmitting the modified code to the client device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are described for automatically modifying web page source code to address a variety of security vulnerabilities such as, for example, vulnerabilities that are exploited by mixed content attacks.

59 Citations

View as Search Results

16 Claims

1. A system comprising:
- a memory; and
  
  one or more physical processors coupled to the memory and configured to;
  
  receiving a source code that is requested by a client device;
  
  processing the source code to identify one or more security vulnerabilities including identification of an unsecure channel corresponding to a resource identified by the source code;
  
  wherein processing the source code includes identifying a first reference in the source code to the resource to retrieve the resource via the unsecure channel;
  
  determine whether one or more modifications to the source code would result in the resource being undeliverable to the client device;
  
  modifying, responsive to processing the source code, the source code thereby generating a modified code, to access the resource via a secure channel;
  
  wherein modifying the source code includes removing the first reference to the resource, adding a second reference to the resource specifying a security directive requiring use of the secure channel by a browser on the client device, and causing the resource to be hosted on a secure server or domain;
  
  transmitting the modified code to the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the source code was received from a server computer.
  - 3. The system of claim 1, wherein the one or more physical processors are further configured to:
    - receive one or more headers; and
      
      modify a header among the one or more headers based on the security directive.
  - 4. The system of claim 1, wherein the one or more physical processors are further configured to determine that the client device supports communication via the secure channel.
  - 5. The system of claim 1, wherein modifying the source code causes the modified code to include identify an executable script in the source code.
  - 6. The system of claim 1, wherein modifying the source code causes the modified code to include an executable script.
  - 7. The system of claim 1, wherein modifying the source code includes specifying an X-Frame options header, or inserting frame-breaking code in the modified code.
  - 8. The system of claim 1, wherein the security directive is for use by the browser on the client device.

9. A method comprising:
- receiving a source code that is requested by a client device;
  
  processing the source code to identify one or more security vulnerabilities including identification of an unsecure channel corresponding to a resource identified by the source code;
  
  wherein processing the source code includes identifying a first reference in the source code to the resource to retrieve the resource via the unsecure channel;
  
  modifying, responsive to processing the source code, the source code thereby generating a modified code, to access the resource via a secure channel;
  
  determining whether one or more modifications to the source code would result in the resource being undeliverable to the client device;
  
  wherein modifying the source code includes removing the first reference to the resource, adding a second reference to the resource specifying a security directive requiring use of the secure channel by a browser on the client device, and causing the resource to be hosted on a secure server or domain;
  
  executing the modified code on the client device;
  
  wherein the method is performed by one or more physical processors.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9 further comprising requesting the resource via the secure channel.
  - 11. The method of claim 9 further comprising sending a request, to a server computer, based on the security directive.
  - 12. The method of claim 9 further comprising determining that the client device supports communication via the secure channel.
  - 13. The method of claim 9, wherein modifying the source code causes the modified code to include identify an executable script in the source code.
  - 14. The method of claim 9, wherein modifying the source code causes the modified code to include an executable script.
  - 15. The method of claim 9 further comprising specifying an X-Frame options header, or inserting frame-breaking code in the modified code.
  - 16. The method of claim 9, wherein the security directive is for use by the browser on the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shape Security Inc. (F5 Incorporated)
Original Assignee
Shape Security Inc. (F5 Incorporated)
Inventors
Shekyan, Sergey, Coates, Michael, Hales, Wesley, Peacock, Tim, Call, Justin
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/791,291
Publication Number

US 20180048671A1
Time in Patent Office

274 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/958   Organisation or management ...

G06F 21/56   Computer malware detection ...

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 2221/2125   Just-in-time application of...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

Securing web page content

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Securing web page content

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links