Methods for proactively securing a web application and apparatuses thereof

US 8,949,988 B2
Filed: 02/25/2011
Issued: 02/03/2015
Est. Priority Date: 02/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method for proactively securing a web application, the method comprising:

receiving, from a client device and by a proactive administrative proxy server positioned between the client device and a server device, a request to access a web application provided by the server device;

sending the request from the proactive administrative proxy server to the server device;

receiving, with the proactive administrative proxy server, a response from the server device, wherein the response includes the requested web application;

after receiving the response, injecting, with the proactive administrative proxy server positioned between the client device and the server device, one or more decoys into the web application contained within the response to form a modified response;

sending the modified response from the proactive administrative server to the client device;

identifying, with the proactive administrative proxy server, an attempt by the client device to exploit one of the one or more injected decoys in the web application; and

performing with the proactive administrative proxy server at least one action to secure the web application from the attempted exploitation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, non-transitory computer readable medium, and apparatus that proactively secures a web application includes injecting one or more decoys into an executing web application. An attempt to exploit one of the one more injected decoys in the executing application is identified. At least one action to secure the executing application from the attempted exploitation is performed.

28 Citations

View as Search Results

21 Claims

1. A method for proactively securing a web application, the method comprising:
- receiving, from a client device and by a proactive administrative proxy server positioned between the client device and a server device, a request to access a web application provided by the server device;
  
  sending the request from the proactive administrative proxy server to the server device;
  
  receiving, with the proactive administrative proxy server, a response from the server device, wherein the response includes the requested web application;
  
  after receiving the response, injecting, with the proactive administrative proxy server positioned between the client device and the server device, one or more decoys into the web application contained within the response to form a modified response;
  
  sending the modified response from the proactive administrative server to the client device;
  
  identifying, with the proactive administrative proxy server, an attempt by the client device to exploit one of the one or more injected decoys in the web application; and
  
  performing with the proactive administrative proxy server at least one action to secure the web application from the attempted exploitation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as set forth in claim 1 wherein the injecting further comprises injecting with the proactive administrative proxy server the one or more decoys in real-time into the web application contained within the response after receiving the response from the server device and prior to sending the modified response to the client device.
  - 3. The method as set forth in claim 1 wherein the one or more decoys further comprises at least one of a fake vulnerability and a trap.
  - 4. The method as set forth in claim 1 further comprising actively monitoring, with the proactive administrative proxy server, subsequent requests from the client device to determine whether the subsequent requests from the client device attempt to utilize the one or more decoys that were injected in the web application by the proactive administrative proxy server, wherein the identifying is based on the monitoring.
  - 5. The method as set forth in claim 4 further comprising:
    - collecting information with the proactive administrative proxy server about the attempted exploitation based on the monitoring; and
      
      categorizing and classifying with the proactive administrative proxy server the attempted exploitation to obtain a threat level, wherein the performing further comprises selecting the action to secure the executing application based on the threat level.
  - 6. The method as set forth in claim 1 wherein the at least one action comprises blocking with the proactive administrative proxy server the attempted exploitation.
  - 7. The method as set forth in claim 1 wherein the at least one action comprises issuing an alert with the proactive administrative proxy server about the attempted exploitation.

8. A non-transitory computer readable medium having stored thereon instructions for proactively securing a web application comprising machine executable code which when executed by at least one processor, causes the processor to perform steps comprising:
- receiving, from a client device and by a proactive administrative proxy server positioned between the client device and a server device, a request to access a web application provide by the server device;
  
  sending the request from the proactive administrative proxy server to the server device;
  
  receiving, with the proactive administrative proxy server, a response from the server device, wherein the response includes the requested web application;
  
  after receiving the response, injecting, with the proactive administrative proxy server positioned between the client device and the server device, one or more decoys into the web application contained within the response to form a modified response;
  
  sending the modified response from the proactive administrative server to the client device;
  
  identifying, with the proactive administrative proxy server, an attempt by the client device to exploit one of the one or more injected decoys in the web application; and
  
  performing with the proactive administrative proxy server at least one action to secure the web application from the attempted exploitation.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory medium as set forth in claim 8 wherein the injecting further comprises injecting the one or more decoys in real-time into the web application contained within the response after receiving the response from the server device and prior to sending the modified response to the client device.
  - 10. The non-transitory medium as set forth in claim 9 wherein the one or more decoys further comprises at least one of a fake vulnerability and a trap.
  - 11. The non-transitory medium as set forth in claim 8 further comprising actively monitoring, with the proactive administrative proxy server, subsequent requests from the client device to determine whether the subsequent requests from the client device attempt to utilize the one or more decoys that were injected in the web application by the proactive administrative proxy server, wherein the identifying is based on the monitoring.
  - 12. The non-transitory medium as set forth in claim 11 further comprising:
    - collecting information about the attempted exploitation based on the monitoring; and
      
      categorizing and classifying the attempted exploitation to obtain a threat level, wherein the performing further comprises selecting the action to secure the executing application based on the threat level.
  - 13. The non-transitory medium as set forth in claim 8 wherein the at least one action comprises blocking the attempted exploitation.
  - 14. The non-transitory medium as set forth in claim 8 wherein the at least one action comprises issuing an alert about the attempted exploitation.

15. A proactively secured computing apparatus comprising:
- one or more processors;
  
  a memory coupled to the one or more processors which are configured to execute programmed instructions stored in the memory, the instructions comprising executable code for;
  
  receiving, from a client device and by a proactive administrative proxy server positioned between the client device and a server device, a request to access a web application provide by the server device;
  
  sending the request from the proactive administrative proxy server to the server device;
  
  receiving, with the proactive administrative proxy server, a response from the server device, wherein the response includes the requested web application;
  
  after receiving the response, injecting, with the proactive administrative proxy server positioned between the client device and the server device, one or more decoys into the web application contained within the response to form a modified response;
  
  sending the modified response from the proactive administrative server to the client device;
  
  identifying, with the proactive administrative proxy server, an attempt by the client device to exploit one of the one or more injected decoys in the web application; and
  
  performing with the proactive administrative proxy server at least one action to secure the web application from the attempted exploitation.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus as set forth in claim 15 wherein the one or more processors is further configured to execute programmed instructions stored in the memory for injecting further comprising injecting the one or more decoys in real-time into the web application contained within the response after receiving the response from the server device and prior to sending the modified response to the client device.
  - 17. The apparatus as set forth in claim 16 wherein the one or more decoys further comprises at least one of a fake vulnerability and a trap.
  - 18. The apparatus as set forth in claim 15 wherein the one or more processors is further configured to execute programmed instructions stored in the memory further comprising actively monitoring, with the proactive administrative proxy server, subsequent requests from the client device to determine whether the subsequent requests from the client device attempt to utilize the one or more decoys that were injected in the web application by the proactive administrative proxy server, wherein the identifying is based on the monitoring.
  - 19. The apparatus as set forth in claim 18 wherein the one or more processors is further configured to execute programmed instructions stored in the memory further comprising:
    - collecting information about the attempted exploitation based on the monitoring; and
      
      categorizing and classifying the attempted exploitation to obtain a threat level, wherein the performing further comprises selecting the action to secure the executing application based on the threat level.
  - 20. The apparatus as set forth in claim 15 wherein the at least one action comprises blocking the attempted exploitation.
  - 21. The apparatus as set forth in claim 15 wherein the at least one action comprises issuing an alert about the attempted exploitation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Adams, Kyle, Pinenkov, Victor
Primary Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US13/035,723
Publication Number

US 20110214182A1
Time in Patent Office

1,439 Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/54   by adding security routines...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

Methods for proactively securing a web application and apparatuses thereof

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for proactively securing a web application and apparatuses thereof

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links