MONITORING AND MITIGATING CLIENT-SIDE EXPLOITATION OF APPLICATION FLAWS

US 20140215605A1
Filed: 01/28/2013
Published: 07/31/2014
Est. Priority Date: 01/28/2013
Status: Active Grant

First Claim

Patent Images

1. A system for monitoring and mitigating client-side exploitation of application flaws, the system comprising:

a client device operating an application;

a server communicatively coupled to the client device; and

an application flaw service module communicatively coupled to the client device and server;

in which the application flaw service module receives a request from the client device comprising transactional metadata and inspecting the transactional metadata for malicious content within the request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for monitoring and mitigating client-side exploitation of application flaws, the system comprising a client device operating an application, a server communicatively coupled to the client device, and an application flaw service module communicatively coupled to the client device and server in which the application flaw service module receives a request from the client device comprising transactional metadata and inspecting the transactional metadata for malicious content within the request. A method of monitoring and mitigating client-side exploitation of application flaws by adding computer usable program code to the response to a first request from a client, receiving a second request from the client, determining that transactional metadata within the response contains an attack vector, and returning a response to the browser including attack vector countermeasures embedded in the response.

32 Citations

View as Search Results

15 Claims

1. A system for monitoring and mitigating client-side exploitation of application flaws, the system comprising:
- a client device operating an application;
  
  a server communicatively coupled to the client device; and
  
  an application flaw service module communicatively coupled to the client device and server;
  
  in which the application flaw service module receives a request from the client device comprising transactional metadata and inspecting the transactional metadata for malicious content within the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, in which the request is a GET request and in which the application is a web-application.
  - 3. The system of claim 1, which prior to the application flaw service module receiving and inspecting the transactional metadata within the request, the server causes application flaw script to be added to the transactional metadata of a response to the request sent by the client device.
  - 4. The system of claim 3, in which the client device executes the application flaw script and sends a generated request to the application flaw service module.
  - 5. The system of claim 1, in which the application flaw service module further generates a countermeasure script and response and sends the response to the client device for execution of the countermeasures.
  - 6. The system of claim 1, in which the application flaw service module inspects, with a header and location inspection module, the transactional metadata for malicious content within the request by referring to a filter rules and logic database.
  - 7. The system of claim 6, further comprising a vulnerability tracking module that tracks attack vectors in the received requests that are detected by the header and location inspection module.

8. A method of monitoring and mitigating client-side exploitation of application flaws comprising:
- adding computer usable program code to the beginning of a response to a first request from a client;
  
  receiving a second request from the client;
  
  determining that transactional metadata within the response contains an attack vector; and
  
  returning a response to the client including attack vector countermeasures embedded in the response.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, further comprising tracking a type of vulnerability as evidenced by the attack vector.
  - 10. The method of claim 8, in which the first and second requests are GET requests originating from a client device executing a web-application.
  - 11. The method of claim 8, in which 1 determining that the transactional metadata of the response contains an attack vector further comprises comparing a number of filter rules and logic from a filter rules and logic database with the content of the request to determine if the response contains an attack vector.
  - 12. The method of claim 8, in which the computer usable program code added to the beginning of the response to a first request is executed by a client device and in which the client device generates and sends the second request.

13. A computer program product for monitoring and mitigating client-side exploitation of application flaws, the computer program product comprising:
- a computer readable storage medium comprising computer usable program code embodied therewith, the computer usable program code comprising;
  
  computer usable program code to, when executed by a processor, add computer usable program code to the beginning of a response to a first request from a client;
  
  computer usable program code to, when executed by a processor, receive a second request from the client;
  
  computer usable program code to, when executed by a processor, determine that transactional metadata within the response contains an attack vector; and
  
  computer usable program code to, when executed by a processor, return a response to the client including attack vector countermeasures embedded in the response.
- View Dependent Claims (14, 15)
- - 14. The computer program product of claim 13, further comprising computer usable program code to, when executed by a processor, track a type of vulnerability as evidenced by the attack vector.
  - 15. The computer program product of claim 13, in which the computer usable program code to determine that the transactional metadata of the response contains an attack vector further comprises computer usable program code to, when executed by a processor, compare a number of filter rules and logic from a filter rules and logic database with the content of the request to determine if the response contains an attack vector.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Decime, Jerry Brent, Smith, Cale

Granted Patent

US 9,083,736 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/57   Certifying or maintaining t...

G06F 2221/033   Test or assess software

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

MONITORING AND MITIGATING CLIENT-SIDE EXPLOITATION OF APPLICATION FLAWS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

MONITORING AND MITIGATING CLIENT-SIDE EXPLOITATION OF APPLICATION FLAWS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links