
DEALING WITH WEB ATTACKS USING CRYPTOGRAPHICALLY SIGNED HTTP COOKIES

  • US 20130055384A1
  • Filed: 08/25/2011
  • Published: 02/28/2013
  • Est. Priority Date: 08/25/2011
  • Status: Active Grant
First Claim

1. A method in a security gateway (SG), coupled between a hypertext transport protocol (HTTP) client and a web application server, for detecting web attacks, the method comprising:

  • responsive to a first HTTP message being transmitted between the HTTP client and the web application server as part of an HTTP session, generating security gateway session security state information (SGI) based on a policy and the first HTTP message;

    generating a digital signature (SGS) from the SGI;

    creating an SG signed session security state information cookie (SGC) that includes the SGS and not the SGI;

    sending the SGC to the HTTP client for storage instead of storing the SGI in the SG, wherein the HTTP client should return the SGC as part of a next HTTP request transmitted from the HTTP client to the web application server as part of the HTTP session; and

    responsive to a second HTTP message being transmitted from the HTTP client to the web application server as part of the HTTP session, attempting to validate a claim made in the second HTTP request message using at least the policy and the SGC that is supposed to be returned with the next HTTP request.
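
The flow in claim 1, as an added example that is not code from the patent or its assignee: the gateway signs the session security state, hands the client a cookie holding only the signature, and later rebuilds the state from the client's claim to check it. Assumptions: HMAC-SHA256 under a gateway-only key stands in for the claim's "digital signature", and the key, policy, field names and function names are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo key; a real gateway would load it from a secret store.
SG_KEY = b"constructed-demo-key"

# Hypothetical policy: form fields the client must return unmodified.
POLICY = {"protected_fields": ["price", "account_id"]}


def build_sgi(session_id, fields, policy):
    """Derive the session security state (SGI) from the policy and one message."""
    protected = {k: fields.get(k) for k in policy["protected_fields"]}
    state = {"sid": session_id, "fields": protected}
    # Canonical encoding so the same state always produces the same bytes.
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()


def make_sgc(session_id, response_fields, policy=POLICY):
    """First message: sign the SGI; the cookie value is the signature (SGS) only."""
    sgi = build_sgi(session_id, response_fields, policy)
    return hmac.new(SG_KEY, sgi, hashlib.sha256).hexdigest()  # SGI is not kept


def validate_request(session_id, request_fields, sgc, policy=POLICY):
    """Second message: rebuild the SGI from the client's claim, compare with SGC."""
    if not sgc:
        return False  # cookie not returned, so the claim cannot be validated
    expected = make_sgc(session_id, request_fields, policy)
    # Constant-time comparison on bytes; tolerates non-ASCII cookie input.
    return hmac.compare_digest(expected.encode(), sgc.encode())


if __name__ == "__main__":
    # Constructed sample: fields the server sent in a form, then two client replies.
    sent = {"price": "19.99", "account_id": "42", "qty": "1"}
    cookie = make_sgc("sess-1", sent)
    print("honest  :", validate_request("sess-1", sent, cookie))
    print("tampered:", validate_request("sess-1", dict(sent, price="0.01"), cookie))
```

Only fields named in the policy are covered, so a change to an unprotected field such as `qty` still validates.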

  • 5 Assignments