SYSTEM AND METHOD FOR WEB APPLICATION SECURITY

US 20160119344A1
Filed: 07/04/2014
Published: 04/28/2016
Est. Priority Date: 07/04/2013
Status: Active Grant

First Claim

Patent Images

1. A method for generating a transformed web application code, the method comprising:

intercepting a web application code sent by at least one web server;

providing at least one script; and

embedding the at least one script along with the intercepted web application code resulting in the transformed web application code, wherein the script is meant for collecting and sending the representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for detection and mitigation of client-side initiated security attack(s) to a web application is disclosed. A server component (SC) of the system is configured to intercept at least partially a web application code and/or data exchanged between a web server and one or more web browsers running on client devices respectively. The SC installs a script in the web application code intercepted from a web server before forwarding a transformed web application code to the a web browser. The CS when executed in a web browser of a client, causes the web browser to execute a loop which sweeps the document object model (DOM) structure of the webpage. Further, the CS sends a report containing the DOM structure and/or details on data to the SC. Using the received reports, SC concludes if tampering occurred at the client-side.

104 Citations

View as Search Results

32 Claims

1. A method for generating a transformed web application code, the method comprising:
- intercepting a web application code sent by at least one web server;
  
  providing at least one script; and
  
  embedding the at least one script along with the intercepted web application code resulting in the transformed web application code, wherein the script is meant for collecting and sending the representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the providing the at least one script comprises:
    - installing at least one of a challenge token or a unique identification number in the at least one script; and
      
      protecting the at least one script with the at least one challenge token or unique identification number.
  - 3. The method of claims 1, further comprising protecting at least partially one of the intercepted web application code, the at least one script or the transformed web application code.
  - 4. The method of claim 3, wherein the protecting comprises at least one of obfuscating or encrypting the intercepted web application code, the at least one script or the transformed web application code one or more times.
  - 5. The method of claim 1, further comprising installing a challenge token in the at least one script to at least one of preclude attacks and/or make it difficult for automated attacks to succeed.
  - 6. The method of claim 1, further comprising installing a unique identification number in the at least one script to detect attempts to reuse the same script.
  - 7. The method of claim 1, further comprising changing a programming language of at least a part of the intercepted web application code.
  - 8. The method of claim 1, further comprising changing an order of one or more programs of the intercepted web application code and the at least one script.
  - 9. The method of claim 1, wherein the script comprising a set of instructions to be executed at the client for initiating a key exchange protocol for establishing a shared secret key between the set of instructions executing on the client and a web server.
  - 10. The method of claim 1 further comprising establishing a secure tunnel for delivery of at least one of the at least one script and/or the transformed web application code to the client.
  - 11. The method of claim 1, further comprising:
    - obtaining a deemed clean representation of a document object model (DOM) structure of the intercepted web application code;
      
      comparing a representation of at least one client DOM structure received from a client with the deemed clean representation of the DOM structure, wherein the representation of the at least one client DOM structure is received subsequent to the execution of the transformed web application code on the client; and
      
      determining one or more tampering events that signify one or more security threats to the transformed web application code based upon the comparison.

12. (canceled)

13. (canceled)

14. (canceled)

15. (canceled)

16. (canceled)

17. A method for executing a transformed web application code, the method comprising:
- receiving the transformed web application code, wherein the transformed web application code comprises at least the web application code and a script;
  
  executing the script to generate a loop for sweeping at least once a client document object model (DOM) structure of the web application code; and
  
  transmitting at least one representation of the client DOM structure to at least one web server.
- View Dependent Claims (18)
- - 18. The method of claim 17 further comprising displaying at least one of a visual alert or an audio notification in case a tampering event is detected.

20. (canceled)

21. (canceled)

22. (canceled)

23. (canceled)

24. (canceled)

25. (canceled)

26. (canceled)

27. A web application protection system for detecting and mitigating security attacks on a web application code, the system comprising:
- an interface to intercept the web application code sent by a web server;
  
  a clean document object model (DOM) builder module to build a deemed clean representation of the DOM structure of the intercepted web application code; and
  
  a detection engine to compare at least one representation of at least one client DOM structure received from a client with the deemed clean representation of the DOM structure, wherein the at least one representation of the at least one DOM structure is received subsequent to the execution of a transformed web application code on the client, wherein the detection engine determines one or more tampering events that signify one or more security threats to the transformed web application code based upon the comparison.
- View Dependent Claims (19, 28, 29, 30, 31, 32)
- - 19. The web application protection system of claim 27, further comprising a page processing module to embed at least one script with the intercepted web application code to produce the transformed web application code, wherein the at least one script triggers a loop to collect and send one or more client document object model (DOM) structures of the transformed web application code at least once when executed on a client.
  - 28. The system of claim 27, wherein the interface comprises one or more of a reverse proxy interface, a collaborating proxy interface or a remote proxy interface.
  - 29. The system of claim 27, wherein the clean DOM builder module is configured to merge one or more variations produced to the deemed clean representation of the DOM structure.
  - 30. The system of claim 27, wherein the detection engine is configured to share one or more variations ignored in the at least one representation of the at least one DOM structure received from the client across different installations of a server component.
  - 31. The system of claim 27, further comprising an event manager to notify at least one of the web server or the client in case one or more tampering event is determined.
  - 32. The system of claim 31, wherein the event manager notifies at least one of the web server or the client in case even if one representation of the at least one client DOM structure is not received from the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jscrambler SA
Original Assignee
Jscrambler SA
Inventors
Freitas Fortuna dos Santos, Antonio Pedro, Silvares Ribeiro, Rui Miguel, Gomes Silva, Filipe Manuel

Granted Patent

US 9,979,726 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 40/143   Markup, e.g. Standard Gener...

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

SYSTEM AND METHOD FOR WEB APPLICATION SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

104 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR WEB APPLICATION SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links