SYSTEM AND METHOD FOR WEB APPLICATION SECURITY
First Claim
1. A method for generating a transformed web application code, the method comprising:
intercepting a web application code sent by at least one web server;
providing at least one script; and
embedding the at least one script along with the intercepted web application code resulting in the transformed web application code, wherein the script is meant for collecting and sending the representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client.
Abstract
A system for detection and mitigation of client-side initiated security attack(s) to a web application is disclosed. A server component (SC) of the system is configured to intercept, at least partially, a web application code and/or data exchanged between a web server and one or more web browsers running on respective client devices. The SC installs a script in the web application code intercepted from a web server before forwarding a transformed web application code to the web browser. The script (CS), when executed in a web browser of a client, causes the web browser to execute a loop which sweeps the document object model (DOM) structure of the webpage. Further, the CS sends a report containing the DOM structure and/or details on data to the SC. Using the received reports, the SC concludes whether tampering occurred at the client side.
32 Claims
1. A method for generating a transformed web application code, the method comprising:
intercepting a web application code sent by at least one web server;
providing at least one script; and
embedding the at least one script along with the intercepted web application code resulting in the transformed web application code, wherein the script is meant for collecting and sending the representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)

12. (canceled)
13. (canceled)
14. (canceled)
15. (canceled)
16. (canceled)

17. A method for executing a transformed web application code, the method comprising:
receiving the transformed web application code, wherein the transformed web application code comprises at least the web application code and a script;
executing the script to generate a loop for sweeping at least once a client document object model (DOM) structure of the web application code; and
transmitting at least one representation of the client DOM structure to at least one web server.
(Dependent claim: 18)

20. (canceled)
21. (canceled)
22. (canceled)
23. (canceled)
24. (canceled)
25. (canceled)
26. (canceled)

27. A web application protection system for detecting and mitigating security attacks on a web application code, the system comprising:
an interface to intercept the web application code sent by a web server;
a clean document object model (DOM) builder module to build a deemed clean representation of the DOM structure of the intercepted web application code; and
a detection engine to compare at least one representation of at least one client DOM structure received from a client with the deemed clean representation of the DOM structure, wherein the at least one representation of the at least one DOM structure is received subsequent to the execution of a transformed web application code on the client, wherein the detection engine determines one or more tampering events that signify one or more security threats to the transformed web application code based upon the comparison.
(Dependent claims: 19, 28, 29, 30, 31, 32)
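The detection flow described in the abstract and in claim 27 (a deemed-clean DOM representation compared against the representation a client reports), as an added JavaScript example that is not the patent's own code. DOM nodes are modelled as plain objects so it runs under Node.js without a browser; the node path naming, attribute serialisation, tampering-event format and the sample pages are this example's assumptions, not anything the patent specifies.

```javascript
// Added example, not the patent's code: a minimal "clean DOM builder" and
// "detection engine". DOM nodes are plain {tag, attrs, children} objects.
// Flatten a DOM tree into a Map of node path -> serialised attributes. This
// stands in for the representation the injected script reports to the server
// and for the one the server builds from the intercepted (clean) page.
function buildRepresentation(node, parentPath = "", out = new Map()) {
  const base = `${parentPath}/${node.tag}`;
  // Repeated sibling tags get an index so an injected extra <input> gets its
  // own key instead of overwriting a legitimate one.
  let key = base;
  for (let i = 1; out.has(key); i++) key = `${base}[${i}]`;
  const attrs = Object.entries(node.attrs || {})
    .sort(([a], [b]) => a.localeCompare(b))
    .map(([k, v]) => `${k}=${v}`)
    .join(";");
  out.set(key, attrs);
  for (const child of node.children || []) buildRepresentation(child, key, out);
  return out;
}

// "Detection engine": compare the client-reported representation with the
// deemed-clean one and return tampering events (added, removed, modified nodes).
function detectTampering(clean, reported) {
  const events = [];
  for (const [key, attrs] of reported) {
    if (!clean.has(key)) events.push({ type: "added", node: key, attrs });
    else if (clean.get(key) !== attrs)
      events.push({ type: "modified", node: key, from: clean.get(key), to: attrs });
  }
  for (const key of clean.keys())
    if (!reported.has(key)) events.push({ type: "removed", node: key });
  return events;
}

// Constructed sample: a login form as served by the web server, and the same
// form as reported by a client where an extra field appeared and the form
// action was changed (example.invalid is a placeholder host).
const cleanPage = { tag: "html", children: [{
  tag: "form", attrs: { action: "/login", method: "post" }, children: [
    { tag: "input", attrs: { name: "username", type: "text" } },
    { tag: "input", attrs: { name: "password", type: "password" } },
  ] }] };
const tamperedPage = { tag: "html", children: [{
  tag: "form", attrs: { action: "https://example.invalid/c", method: "post" }, children: [
    { tag: "input", attrs: { name: "username", type: "text" } },
    { tag: "input", attrs: { name: "password", type: "password" } },
    { tag: "input", attrs: { name: "pin", type: "text" } },
  ] }] };

console.log(detectTampering(buildRepresentation(cleanPage), buildRepresentation(tamperedPage)));
```

The output lists a "modified" event for /html/form (changed action) and an "added" event for the third input; an unmodified report yields an empty list.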
Specification