
Injection attack mitigation using context sensitive encoding of injected input

  • US 9,009,821 B2
  • Filed: 06/08/2011
  • Issued: 04/14/2015
  • Est. Priority Date: 06/10/2010
  • Status: Active Grant
First Claim

1. A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser, the method comprising:

  • monitoring all incoming traffic, generated by the web browser, and outgoing traffic generated by a server;

  • identifying a page of the web application and inputs associated with the page to form a set of identified inputs associated with the page;

  • transforming each identified input associated with the page to have a unique element representative of an input value of that identified input associated with the page;

  • sending the monitored incoming traffic including each transformed input having a unique element representative of an input value of that transformed identified input to the server;

  • determining whether a given unique element, defined in a configuration file, is matched with an input value of the monitored incoming traffic to form a matched input value;

  • responsive to a determination that the given unique element is matched with an input value of the monitored incoming traffic, saving the matched input value;

  • determining whether an output from the server contains the matched input value in an expected location in the output from the server;

  • responsive to a determination that the output from the server contains the matched input value in an expected location in the output from the server, encoding the matched input value using a definition from the configuration file; and

  • returning the output from the server to a requester.
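
One simplified reading of the claimed steps as a request/response filter, added here as an example; it is not code from the patent or from any implementation by its assignee. The configuration layout, the token format, `sample_app`, and the fallback for a token found outside its expected location are assumptions of this example.

```python
import html
import secrets

def js_string_encode(value):
    """Escape everything outside a small ASCII safe set as \\uXXXX (UTF-16 units)."""
    out = []
    for ch in value:
        if ch.isascii() and (ch.isalnum() or ch in " _.,-"):
            out.append(ch)
        else:
            raw = ch.encode("utf-16-be", "surrogatepass")
            out += ["\\u%04x" % int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return "".join(out)

ENCODERS = {"html": lambda v: html.escape(v, quote=True), "js_string": js_string_encode}

# Hypothetical config: per page, tracked inputs, expected location ({v} = value), encoding.
CONFIG = {"/search": {
    "q": {"expect": '<b id="term">{v}</b>', "encode": "html"},
    "msg": {"expect": 'var msg = "{v}";', "encode": "js_string"},
}}

def tag_inputs(page, params):
    """Inbound: swap each configured input for a unique token; save the real value."""
    tagged, saved = dict(params), {}
    for name, rule in CONFIG.get(page, {}).items():
        if name in params:
            token = "ZQ" + secrets.token_hex(8) + "QZ"  # alphanumeric, survives encoders
            tagged[name] = token
            saved[token] = (params[name], rule)
    return tagged, saved

def encode_output(body, saved):
    """Outbound: where a token sits in its expected location, emit the encoded value."""
    for token, (value, rule) in saved.items():
        expected = rule["expect"].replace("{v}", token)
        encoded = ENCODERS[rule["encode"]](value)
        body = body.replace(expected, rule["expect"].replace("{v}", encoded))
        # Assumption of this example: a token found anywhere else is HTML-encoded.
        body = body.replace(token, html.escape(value, quote=True))
    return body

def sample_app(params):
    """Constructed stand-in for the protected server: echoes inputs unencoded."""
    return '<b id="term">%s</b><script>var msg = "%s";</script>' % (params["q"], params["msg"])

def protect(page, params):
    tagged, saved = tag_inputs(page, params)
    return encode_output(sample_app(tagged), saved)
```

Because the server only ever sees the token, the same input value can be encoded differently in each location where it is reflected.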
