SYSTEMS AND METHODS FOR CROSS SITE FORGERY PROTECTION
First Claim
1. A method of protecting against forgery of forms, the method comprising:
(a) identifying, by an application firewall executing on an intermediary device deployed between a plurality of clients and one or more servers, that a response to a first request of a client is a first form;
(b) generating, by the application firewall, a form identifier for the first form that is unique and unpredictable among form identifiers transmitted via the intermediary device;
(c) transmitting, by the application firewall to the client, the response comprising the form identifier embedded in the first form;
(d) receiving, by the application firewall, a second request from the client to send form data for the first form to the server; and
(e) determining, by the application firewall, whether to send the second request to the server based on whether the second request identifies the form identifier transmitted with the response.
Abstract
The present solution described herein is directed towards systems and methods to prevent cross-site request forgeries based on web form verification using unique identifiers. The present solution tags each form from a server that is served out in the response with a unique and unpredictable identifier. When the form is posted, the present solution enforces that the identifier being returned is the same as the one that was served out to the user. This prevents malicious unauthorized third party users from submitting a form on a user's behalf since they cannot guess the value of this unique identifier that was inserted.
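The flow the abstract describes, as an added example that is not the patent's or any vendor's code: a Python model of an intermediary form-verification engine that tags each served form with an unpredictable identifier and refuses a submission that does not carry one it issued. The class name, the `_form_id` hidden-field name and the session identifiers are assumptions. Two design choices go beyond the claims quoted on this page and are labelled as such in the code: each identifier is bound to the client's session, and it is consumed on first use. The claims shown require only that the identifier be unique and unpredictable, and the dependent claims that might add such binding are not reproduced here; without session binding, an attacker who fetches the form in their own session obtains a valid identifier and can place it in a cross-site form, which is the `cross_session` case in `demo()`.

```python
"""Model of an intermediary form-verification engine (added example, not the patent's code)."""
import re
import secrets
from urllib.parse import parse_qs

# Hypothetical name of the hidden field that carries the form identifier (assumption).
FORM_ID_FIELD = "_form_id"
_FORM_OPEN_RE = re.compile(r"<form\b[^>]*>", re.IGNORECASE)
_FORM_ID_RE = re.compile(rf'name="{FORM_ID_FIELD}" value="([^"]+)"')


def extract_form_ids(page: str) -> list[str]:
    """Return the identifiers embedded in a page, in document order."""
    return _FORM_ID_RE.findall(page)


class FormVerificationEngine:
    """Sits between clients and the origin server and implements steps (a) to (e).

    Assumptions beyond the claims quoted on the page: each identifier is recorded
    under the client's session, so another session's identifier is refused, and an
    identifier is consumed on first use, so a replay is refused.
    """

    def __init__(self, token_bytes: int = 32):
        self.token_bytes = token_bytes
        self._issued: dict[str, set[str]] = {}  # session id -> outstanding identifiers

    def process_response(self, session_id: str, body: str) -> str:
        """(a) detect forms in the response, (b) generate an identifier per form,
        (c) embed it as a hidden field so the browser submits it with the form."""
        def inject(match: re.Match) -> str:
            form_id = secrets.token_urlsafe(self.token_bytes)  # CSPRNG: unpredictable
            self._issued.setdefault(session_id, set()).add(form_id)
            hidden = f'<input type="hidden" name="{FORM_ID_FIELD}" value="{form_id}">'
            return match.group(0) + hidden
        return _FORM_OPEN_RE.sub(inject, body)

    def process_request(self, session_id: str, post_body: str) -> bool:
        """(d) receive the submission, (e) decide whether to forward it.

        True means forward to the server, False means block. Exactly one identifier
        must be present and it must have been issued to this session.
        """
        submitted = parse_qs(post_body, keep_blank_values=True).get(FORM_ID_FIELD, [])
        if len(submitted) != 1:
            return False
        outstanding = self._issued.get(session_id, set())
        if submitted[0] not in outstanding:
            return False
        outstanding.discard(submitted[0])  # one-time use: a replay is refused
        return True


def demo() -> dict[str, bool]:
    """Walk a legitimate submission and three forgery attempts through the engine."""
    engine = FormVerificationEngine()
    # Constructed sample response from the origin server.
    origin_response = (
        '<html><body><form method="post" action="/transfer">'
        '<input name="to"><input name="amount"></form></body></html>'
    )
    victim = "sess-victim"
    page = engine.process_response(victim, origin_response)
    form_id = extract_form_ids(page)[0]

    # Legitimate: the victim's browser submits the form it was served.
    legit = engine.process_request(victim, f"to=alice&amount=10&{FORM_ID_FIELD}={form_id}")
    # Replay of the same identifier.
    replay = engine.process_request(victim, f"to=alice&amount=10&{FORM_ID_FIELD}={form_id}")
    # Classic CSRF: an attacker's page posts from the victim's browser but cannot
    # read the victim's page, so it cannot supply the identifier.
    forged = engine.process_request(victim, "to=mallory&amount=1000")
    # Attacker fetches the form in their own session and reuses that identifier.
    attacker_id = extract_form_ids(engine.process_response("sess-attacker", origin_response))[0]
    cross_session = engine.process_request(
        victim, f"to=mallory&amount=1000&{FORM_ID_FIELD}={attacker_id}"
    )
    return {"legit": legit, "replay": replay, "forged": forged, "cross_session": cross_session}


if __name__ == "__main__":
    print(demo())
```

In a real deployment the session key must come from a cookie the attacker's page cannot read, and the issued-identifier store must be shared across firewall instances (or replaced by a keyed MAC over session and form so that no shared state is needed); the in-memory dictionary here stands in for that store.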
22 Claims

1. A method of protecting against forgery of forms, the method comprising:
(a) identifying, by an application firewall executing on an intermediary device deployed between a plurality of clients and one or more servers, that a response to a first request of a client is a first form;
(b) generating, by the application firewall, a form identifier for the first form that is unique and unpredictable among form identifiers transmitted via the intermediary device;
(c) transmitting, by the application firewall to the client, the response comprising the form identifier embedded in the first form;
(d) receiving, by the application firewall, a second request from the client to send form data for the first form to the server; and
(e) determining, by the application firewall, whether to send the second request to the server based on whether the second request identifies the form identifier transmitted with the response.
Claims 2 to 11 depend from claim 1.

12. A system for protecting against forgery of forms comprising:
an application firewall executing on an intermediary device deployed between a plurality of clients and one or more servers, comprising:
a form verification engine of the application firewall executing on the intermediary device, identifying that a response to a first request of a client has a first form;
an identifier generator of the application firewall, generating a form identifier for the first form that is unique and unpredictable among form identifiers transmitted via the intermediary device;
wherein the form verification engine transmits to the client the response comprising the form identifier embedded in the first form, receives a second request from the client to send form data for the first form to the server, and determines whether to send the second request to the server based on whether the second request identifies the form identifier transmitted with the response.
Claims 13 to 22 depend from claim 12.