CREATION OF SECURITY PROFILES FOR WEB APPLICATION COMPONENTS

US 20200137126A1
Filed: 10/30/2019
Published: 04/30/2020
Est. Priority Date: 10/31/2018
Status: Active Application

First Claim

Patent Images

1. A method of operating a computing system to facilitate creation of security profiles for web application components, the method comprising:

receiving a plurality of web resources used to construct web applications;

analyzing the plurality of web resources to generate normalized fingerprints for each of the web resources;

determining a plurality of security risk factors for each of the plurality of web resources based on the normalized fingerprints generated for each of the web resources; and

generating a reputation score for each of the plurality of web resources based on the security risk factors determined for each of the web resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to facilitate creation of security profiles for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. The plurality of web resources is analyzed to generate normalized fingerprints for each of the web resources. A plurality of security risk factors is determined for each of the plurality of web resources based on the normalized fingerprints generated for each of the web resources. A reputation score is generated for each of the plurality of web resources based on the security risk factors determined for each of the web resources.

5 Citations

View as Search Results

20 Claims

1. A method of operating a computing system to facilitate creation of security profiles for web application components, the method comprising:
- receiving a plurality of web resources used to construct web applications;
  
  analyzing the plurality of web resources to generate normalized fingerprints for each of the web resources;
  
  determining a plurality of security risk factors for each of the plurality of web resources based on the normalized fingerprints generated for each of the web resources; and
  
  generating a reputation score for each of the plurality of web resources based on the security risk factors determined for each of the web resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - receiving an application programming interface (API) call that identifies a web object of a web application;
      
      comparing the web object to the normalized fingerprints for each of the web resources to determine one of the web resources that matches the web object; and
      
      returning the reputation score for the one of the web resources that matches the web object.
  - 3. The method of claim 1 wherein analyzing the plurality of web resources to generate the normalized fingerprints for each of the web resources comprises analyzing syntactic structures of the plurality of web resources to generate the normalized fingerprints for each of the web resources.
  - 4. The method of claim 1 wherein the normalized fingerprints generated for each of the web resources describe security attributes of each of the web resources.
  - 5. The method of claim 1 wherein the normalized fingerprints generated for each of the web resources comprise abstract syntax trees.
  - 6. The method of claim 1 wherein determining the plurality of security risk factors for each of the plurality of web resources comprises determining the plurality of security risk factors for each of the plurality of web resources based on prevalence of each of the web resources.
  - 7. The method of claim 1 wherein generating the reputation score for each of the plurality of web resources based on the security risk factors comprises generating the reputation score for each of the web resources based on levels of information gain associated with each of the web resources.

8. One or more computer-readable storage media having program instructions stored thereon to facilitate creation of security profiles for web application components, wherein the program instructions, when executed by a computing system, direct the computing system to at least:
- receive a plurality of web resources used to construct web applications;
  
  analyze the plurality of web resources to generate normalized fingerprints for each of the web resources;
  
  determine a plurality of security risk factors for each of the plurality of web resources based on the normalized fingerprints generated for each of the web resources; and
  
  generate a reputation score for each of the plurality of web resources based on the security risk factors determined for each of the web resources.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more computer-readable storage media of claim 8 wherein the program instructions further direct the computing system to:
    - receive an application programming interface (API) call that identifies a web object of a web application;
      
      compare the web object to the normalized fingerprints for each of the web resources to determine one of the web resources that matches the web object; and
      
      return the reputation score for the one of the web resources that matches the web object.
  - 10. The one or more computer-readable storage media of claim 8 wherein the program instructions direct the computing system to analyze the plurality of web resources to generate the normalized fingerprints for each of the web resources by directing the computing system to analyze syntactic structures of the plurality of web resources to generate the normalized fingerprints for each of the web resources.
  - 11. The one or more computer-readable storage media of claim 8 wherein the normalized fingerprints generated for each of the web resources describe security attributes of each of the web resources.
  - 12. The one or more computer-readable storage media of claim 8 wherein the normalized fingerprints generated for each of the web resources comprise abstract syntax trees.
  - 13. The one or more computer-readable storage media of claim 8 wherein the program instructions direct the computing system to determine the plurality of security risk factors for each of the plurality of web resources by directing the computing system to determine the plurality of security risk factors for each of the plurality of web resources based on prevalence of each of the web resources.
  - 14. The one or more computer-readable storage media of claim 8 wherein the program instructions direct the computing system to generate the reputation score for each of the plurality of web resources based on the security risk factors by directing the computing system to generate the reputation score for each of the web resources based on levels of information gain associated with each of the web resources.

15. An apparatus comprising:
- one or more computer-readable storage media; and
  
  program instructions stored on the one or more computer-readable storage media that, when executed by a processing system, direct the processing system to at least;
  
  receive a plurality of web resources used to construct web applications;
  
  analyze the plurality of web resources to generate normalized fingerprints for each of the web resources;
  
  determine a plurality of security risk factors for each of the plurality of web resources based on the normalized fingerprints generated for each of the web resources; and
  
  generate a reputation score for each of the plurality of web resources based on the security risk factors determined for each of the web resources.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15 wherein the program instructions further direct the processing system to:
    - receive an application programming interface (API) call that identifies a web object of a web application;
      
      compare the web object to the normalized fingerprints for each of the web resources to determine one of the web resources that matches the web object; and
      
      return the reputation score for the one of the web resources that matches the web object.
  - 17. The apparatus of claim 15 wherein the program instructions direct the processing system to analyze the plurality of web resources to generate the normalized fingerprints for each of the web resources by directing the processing system to analyze syntactic structures of the plurality of web resources to generate the normalized fingerprints for each of the web resources.
  - 18. The apparatus of claim 15 wherein the normalized fingerprints generated for each of the web resources describe security attributes of each of the web resources.
  - 19. The apparatus of claim 15 wherein the normalized fingerprints generated for each of the web resources comprise abstract syntax trees.
  - 20. The apparatus of claim 15 wherein the program instructions direct the processing system to determine the plurality of security risk factors for each of the plurality of web resources by directing the processing system to determine the plurality of security risk factors for each of the plurality of web resources based on prevalence of each of the web resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tala Security, Inc. (Intuit, Inc.)
Original Assignee
Tala Security, Inc. (Intuit, Inc.)
Inventors
Yawalkar, Siddhesh, Bhalode, Swapnil, Blair, Brian, Yang, Jason, Rastogi, Vaibhav

Application Number

US16/669,201
Publication Number

US 20200137126A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/205   involving negotiation or de...

CREATION OF SECURITY PROFILES FOR WEB APPLICATION COMPONENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CREATION OF SECURITY PROFILES FOR WEB APPLICATION COMPONENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links