Software proxy for securing web application business logic
Abstract
The invention describes a novel method for securing the Business Logic of on-line Internet applications against application manipulation attacks by means of identifying the exact manner in which the application was intended to be used (Intended Use Guidelines) and enforcing said intended use by embedding unique identification keys inside outgoing HTTP (HyperText Transfer Protocol) response headers and/or HTTP response HTML (HyperText Markup Language) streams and validating subsequent HTTP requests before submitting an independent HTTP request to a standard Web Server (HTTP daemon). Each unique identification key is mapped to one or more Intended Use Guidelines. The software is designed to be positioned behind an Internet-facing network firewall and in front of a standard Web Server. The software is further designed to accept TCP/IP (Transmission Control Protocol/Internet Protocol) socket connections from clients (typically standard Web browsers), validate incoming HTTP requests, and submit an independent HTTP request to the Web Server over a separate TCP/IP socket connection. The software is further designed to create an outgoing HTTP response with an appropriate status (error) code to the client before disconnecting the socket connection between the software and the Client in response to invalid HTTP requests. Under such conditions, an HTTP request is not created or sent to the Web Server, thereby avoiding any damage to the Web Server, the operating system on which the Web Server executes, and other internal network resources.
20 Claims
1. A method for securing web application business logic comprising:
embedding unique keys into an outgoing HTTP response;
sending an incoming HTTP request to access a web server;
determining if the incoming HTTP request is valid using the unique keys; and
responding to the incoming HTTP request if the incoming HTTP request is valid.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 11)

10. A system for securing web application business logic comprising:
a client configured to send a request to access a web server; and
a protection proxy configured to:
receive the request from the client;
validate the request from the client using a unique key;
receive a response to the request from the web server;
update an Intended Use Guidelines database based on a response from the web server; and
generate an outgoing response to the client including the unique key.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19)

20. A computer system for securing web application business logic comprising:
a processor;
a memory;
a storage device; and
software instructions stored in the memory for enabling the computer system, under control of the processor, to:
embed unique keys into an outgoing HTTP response;
send an incoming HTTP request to access a web server;
determine if the incoming HTTP request is valid using the unique keys; and
respond to the incoming HTTP request if the incoming HTTP request is valid.
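The protection proxy described in the Abstract and recited in claims 1 and 10 can be made concrete with the following Python sketch. It is an added example, not code from the patent or from any product built on it. The Intended Use Guidelines are modelled as the method, action and field set of each HTML form the web server actually emitted; each form receives a random per-response key embedded as a hidden field (the response-header variant mentioned in the Abstract is not shown); the key is single-use and time-limited; and an inbound request is either rebuilt as an independent request for the web server or answered with an HTTP error status and not forwarded. The field name `_iug_key`, the 600-second key lifetime, the tuple shapes used for the forward request and the error response, and the sample checkout page are assumptions constructed for this example.

```python
"""Protection-proxy core: embed per-form keys and enforce Intended Use Guidelines.

Added example; the guideline model, field name and sample page are assumptions.
"""
import re
import secrets
import time
from dataclasses import dataclass, field
from html.parser import HTMLParser
from urllib.parse import parse_qs

KEY_FIELD = "_iug_key"      # hypothetical name of the hidden field carrying the key
KEY_TTL_SECONDS = 600       # assumed key lifetime


@dataclass
class Guideline:
    """Intended Use Guidelines for one form the server emitted."""
    method: str
    path: str
    fixed: dict       # hidden fields and the values the server set (must not change)
    editable: set     # fields the user is expected to fill in
    issued: float = field(default_factory=time.time)


class _FormScanner(HTMLParser):
    """Collects named inputs from one <form> body, split into fixed and editable."""
    def __init__(self):
        super().__init__()
        self.fixed, self.editable = {}, set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("input", "select", "textarea") and a.get("name"):
            if tag == "input" and a.get("type") == "hidden":
                self.fixed[a["name"]] = a.get("value", "")
            else:
                self.editable.add(a["name"])


class ProtectionProxy:
    _FORM = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)

    def __init__(self):
        self.db = {}  # key -> Guideline: the Intended Use Guidelines database

    def rewrite_response(self, html):
        """Outbound path: register one guideline per form and embed its key."""
        def _rewrite(m):
            attrs = dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', m.group(1)))
            scanner = _FormScanner()
            scanner.feed(m.group(2))
            key = secrets.token_urlsafe(24)
            self.db[key] = Guideline(attrs.get("method", "GET").upper(),
                                     attrs.get("action", "/"),
                                     scanner.fixed, scanner.editable)
            hidden = f'<input type="hidden" name="{KEY_FIELD}" value="{key}">'
            return f"<form{m.group(1)}>{m.group(2)}{hidden}</form>"
        return self._FORM.sub(_rewrite, html)

    def validate_request(self, method, path, body):
        """Inbound path: (forward_request, None) if valid, else (None, (status, reason))."""
        params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
        key = params.pop(KEY_FIELD, None)
        g = self.db.pop(key, None)  # single use: a replayed key finds nothing
        if g is None:
            return None, (403, "missing or unknown key")
        if time.time() - g.issued > KEY_TTL_SECONDS:
            return None, (403, "key expired")
        if (method.upper(), path) != (g.method, g.path):
            return None, (403, "request does not match the form that issued the key")
        for name, value in g.fixed.items():
            if params.get(name) != value:
                return None, (403, f"fixed field {name!r} was altered")
        unexpected = set(params) - set(g.fixed) - g.editable
        if unexpected:
            return None, (400, f"unexpected parameters: {sorted(unexpected)}")
        # Independent request for the web server; the key never reaches it.
        return {"method": g.method, "path": g.path, "params": params}, None


# Constructed sample response from the web server (not from any real site).
SAMPLE_HTML = """<html><body>
<form method="post" action="/checkout">
  <input type="hidden" name="item" value="SKU-42">
  <input type="hidden" name="price" value="19.99">
  <input type="text" name="qty">
  <input type="submit" value="Buy">
</form></body></html>"""


def demo():
    """Exercise the proxy with a legitimate submission and typical manipulations."""
    proxy, out = ProtectionProxy(), {}

    def fresh_key():
        page = proxy.rewrite_response(SAMPLE_HTML)
        return re.search(rf'name="{KEY_FIELD}" value="([^"]+)"', page).group(1)

    ok = "item=SKU-42&price=19.99&qty=2"
    k = fresh_key()
    out["legit"] = proxy.validate_request("POST", "/checkout", f"{ok}&{KEY_FIELD}={k}")
    out["replay"] = proxy.validate_request("POST", "/checkout", f"{ok}&{KEY_FIELD}={k}")
    k = fresh_key()
    out["tampered_price"] = proxy.validate_request(
        "POST", "/checkout", f"item=SKU-42&price=0.01&qty=2&{KEY_FIELD}={k}")
    k = fresh_key()
    out["extra_param"] = proxy.validate_request("POST", "/checkout", f"{ok}&admin=1&{KEY_FIELD}={k}")
    out["no_key"] = proxy.validate_request("POST", "/checkout", ok)
    k = fresh_key()
    out["wrong_path"] = proxy.validate_request("POST", "/admin/checkout", f"{ok}&{KEY_FIELD}={k}")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} -> {result}")
```

The regex-based form rewriting is adequate for the constructed sample but not for arbitrary HTML; a deployable proxy would use a streaming HTML rewriter, and would additionally bind each key to the client session so that a key harvested from one user's page cannot be submitted from another connection.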