WEB APPLICATION SECURITY FILTERING
First Claim
1. A method for operating a Web applications security filtering system, the method comprising
a) receiving from a first computer endpoint content description language comprising at least one request for input data and at least one constraint to the expected input data,
b) enriching the content description language sent by the first computer endpoint with at least one security token that is based on the at least one request for input data and comprises at least one constraint to the expected input data,
c) sending to a second computer endpoint content description language enriched with the at least one security token,
d) receiving from the second computer endpoint input data together with the at least one security token,
e) parsing input data and the at least one security token sent by the second computer endpoint,
f) verifying the input data against the at least one constraint determined in the security token, and
g) blocking the transfer of input data which does not conform to the at least one constraint.
Abstract
User inputs and/or Uniform Resource Identifier (URI) requests, historically and popularly referred to as Universal Resource Locator (URL) requests, in a content description language are passed through a security service (a Web application firewall or a reverse Web proxy server) placed in front of Web application servers to protect them from hacking attempts. To validate Web form user inputs and/or URI requests and parameters, the security service enriches the content description language with additional security tokens that are created dynamically from the content being transferred. The user receives the enriched content and returns input together with the security tokens. The security service then verifies all provided user input data against the constraints described in the corresponding security token. As a result, the method may block the HTTP request, or create log messages or notification events, in reaction to violations of the constraints in the security token by the user input data.
15 Claims
15. A security service apparatus for Web application security filtering, the apparatus comprising:
a) means for receiving content description language transferred between at least a first and a second computer endpoint through the security service apparatus,
b) means for enriching the content description language sent by the first computer endpoint with at least one security token that is based on at least one request for input data and at least one constraint to the expected input data,
c) means for sending to the second computer endpoint content description language enriched with the at least one security token,
d) means for receiving from the second computer endpoint input data together with the at least one security token,
e) means for parsing input data and the at least one security token sent by the second computer endpoint,
f) means for verifying the input data against the at least one constraint in the security token, and
g) means for blocking the transfer of input data which does not conform to the at least one constraint.
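The mechanism the abstract and claims 1 and 15 describe, modelled end to end as an added example written for this page (it is not the patent's own implementation nor any vendor's product): the security service derives constraints from the `<input>` elements of the form the server (first endpoint) sends, appends them as a security token in a hidden field, and when the browser (second endpoint) submits the form it verifies the token and checks every value against the constraints it carries, blocking on any violation. The names `enrich_form`, `verify_submission`, `TOKEN_FIELD`, the sample form and the token layout (base64 JSON constraints bound to an HMAC-SHA256) are assumptions; the patent text does not specify how the token is made tamper-evident, so the HMAC is one reasonable choice.

```python
"""Added example: a token-enriched Web form filter in the style of the patent.
Everything here (names, token format, sample data) is assumed for illustration."""
import base64
import hashlib
import hmac
import json
import re
from html.parser import HTMLParser

TOKEN_FIELD = "__sec_token"                  # hidden field carrying the token (assumed name)
SECRET = b"constructed-demo-key-change-me"   # service-side key; constructed sample value


class _InputCollector(HTMLParser):
    """Collect the constraint-bearing attributes of every named <input>."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)                       # boolean attributes map to None
        name = a.get("name")
        if not name or a.get("type") == "hidden":
            return
        c = {"type": a.get("type", "text")}
        if "maxlength" in a:
            c["maxlength"] = int(a["maxlength"])
        if "pattern" in a:
            c["pattern"] = a["pattern"]
        if "required" in a:
            c["required"] = True
        self.fields[name] = c


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def make_token(constraints: dict) -> str:
    """Serialize the constraints and bind them to a MAC so the client cannot alter them."""
    payload = json.dumps(constraints, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def parse_token(token: str):
    """Return the constraints dict if the token's MAC verifies, otherwise None."""
    try:
        b64, mac = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
        if not hmac.compare_digest(_sign(payload), mac):
            return None
        return json.loads(payload)
    except (ValueError, TypeError):           # malformed base64/JSON or non-ASCII MAC
        return None


def enrich_form(html: str) -> str:
    """Claim steps b/c: derive constraints from the form and inject the token."""
    collector = _InputCollector()
    collector.feed(html)
    hidden = f'<input type="hidden" name="{TOKEN_FIELD}" value="{make_token(collector.fields)}">'
    return html.replace("</form>", hidden + "</form>", 1)


def verify_submission(form_data: dict) -> tuple:
    """Claim steps d-g. form_data maps field name -> str. Returns ("allow", []) or ("block", reasons)."""
    constraints = parse_token(form_data.get(TOKEN_FIELD, ""))
    if constraints is None:
        return "block", ["missing or tampered security token"]
    reasons = []
    for name, c in constraints.items():
        value = form_data.get(name)
        if value is None or value == "":
            if c.get("required"):
                reasons.append(f"{name}: required field missing")
            continue
        if "maxlength" in c and len(value) > c["maxlength"]:
            reasons.append(f"{name}: exceeds maxlength {c['maxlength']}")
        if "pattern" in c and not re.fullmatch(c["pattern"], value):
            reasons.append(f"{name}: does not match pattern")
        if c["type"] == "number" and not re.fullmatch(r"-?\d+(\.\d+)?", value):
            reasons.append(f"{name}: not numeric")
    # Parameters the form never asked for are unexpected input and are blocked as well.
    for name in sorted(set(form_data) - set(constraints) - {TOKEN_FIELD}):
        reasons.append(f"{name}: not requested by the form")
    return ("block", reasons) if reasons else ("allow", [])


# Constructed sample form, as the first endpoint would send it.
SAMPLE_FORM = (
    '<form method="post" action="/order">'
    '<input name="zip" type="text" maxlength="5" pattern="[0-9]{5}" required>'
    '<input name="qty" type="number">'
    '<button type="submit">Go</button></form>'
)


def demo():
    """Run one conforming, one violating and one token-tampered submission."""
    enriched = enrich_form(SAMPLE_FORM)
    token = re.search(r'name="__sec_token" value="([^"]+)"', enriched).group(1)
    good = verify_submission({"zip": "12345", "qty": "2", TOKEN_FIELD: token})
    bad = verify_submission({"zip": "1234567", "qty": "two", TOKEN_FIELD: token})
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")   # flip one MAC hex digit
    forged = verify_submission({"zip": "x", TOKEN_FIELD: tampered})
    return good, bad, forged


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The token is only as strong as the key it is signed with and the constraints the service can read from the form; a real deployment would also bind the token to the session and the form's action URL so a token captured from one form cannot be replayed against another, which this sketch leaves out.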
Specification