Injection attack mitigation using context sensitive encoding of injected input
First Claim
1. A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser, the method comprising:
- monitoring all incoming traffic, generated by the web browser, and outgoing traffic generated by a server;
- identifying a page of the web application and inputs associated with the page to form a set of identified inputs associated with the page;
- transforming each identified input associated with the page to have a unique element representative of an input value of that identified input associated with the page;
- sending the monitored incoming traffic including each transformed input having a unique element representative of an input value of that transformed identified input to the server;
- determining whether a given unique element, defined in a configuration file, is matched with an input value of the monitored incoming traffic to form a matched input value;
- responsive to a determination that the given unique element is matched with an input value of the monitored incoming traffic, saving the matched input value;
- determining whether an output from the server contains the matched input value in an expected location in the output from the server;
- responsive to a determination that the output from the server contains the matched input value in an expected location in the output from the server, encoding the matched input value using a definition from the configuration file; and
- returning the output from the server to a requester.
Abstract
A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser (308), the method comprising: monitoring all incoming traffic (310), generated by the web browser, and outgoing traffic (326) generated by a server (318) to form monitored traffic; determining whether a unique element, defined in a configuration file, is matched with an input value of the monitored traffic to form a matched input value; responsive to a determination that the unique element is matched with an input value of the monitored traffic, saving the matched input value; determining whether an output contains the matched input value in an expected location; responsive to a determination that the output contains the matched input value in an expected location, encoding the matched input value using a respective definition from the configuration file; and returning the output (330) to the requester.
12 Claims
1. A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser, the method comprising:
- monitoring all incoming traffic, generated by the web browser, and outgoing traffic generated by a server;
- identifying a page of the web application and inputs associated with the page to form a set of identified inputs associated with the page;
- transforming each identified input associated with the page to have a unique element representative of an input value of that identified input associated with the page;
- sending the monitored incoming traffic including each transformed input having a unique element representative of an input value of that transformed identified input to the server;
- determining whether a given unique element, defined in a configuration file, is matched with an input value of the monitored incoming traffic to form a matched input value;
- responsive to a determination that the given unique element is matched with an input value of the monitored incoming traffic, saving the matched input value;
- determining whether an output from the server contains the matched input value in an expected location in the output from the server;
- responsive to a determination that the output from the server contains the matched input value in an expected location in the output from the server, encoding the matched input value using a definition from the configuration file; and
- returning the output from the server to a requester.

Dependent claims: 2, 3, 4, 5, 6
7. A computer program product for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser, the computer program product comprising:
- a computer-readable storage medium having computer-readable program code embodied therein, the computer-readable program code comprising:
- computer-readable program code configured to monitor all incoming traffic, generated by the web browser, and outgoing traffic generated by a server;
- computer-readable program code configured to identify a page of the web application and inputs associated with the page to form a set of identified inputs associated with the page;
- computer-readable program code configured to transform each identified input associated with the page to have a unique element representative of an input value of that identified input associated with the page;
- computer-readable program code configured to send the monitored incoming traffic including each transformed input having a unique element representative of an input value of that transformed identified input to the server;
- computer-readable program code configured to determine whether a given unique element, defined in a configuration file, is matched with an input value of the monitored incoming traffic to form a matched input value;
- computer-readable program code, responsive to a determination that the given unique element is matched with an input value of the monitored incoming traffic, configured to save the matched input value;
- computer-readable program code configured to determine whether an output from the server contains the matched input value in an expected location in the output from the server;
- computer-readable program code, responsive to a determination that the output from the server contains the matched input value in an expected location in the output from the server, configured to encode the matched input value using a definition from the configuration file; and
- computer-readable program code configured to return the output from the server to a requester.

Dependent claims: 8, 9, 10, 11, 12
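The abstract and claims 1 and 7 describe one flow: tag each tracked input on the way in, find the tagged value in the server's response, check that it sits in the location the configuration expects, encode it with the definition for that context, and return the cleaned page. The following is an added example of that flow written for this page; it is not code from the patent or from any product implementing it. The configuration layout, the `@@token-n@@` element format, the simplified HTML context classifier, the fallback policy for values that surface in an unexpected location, and the simulated `fake_server` are all assumptions made for the example.

```python
"""Added illustration of the tag-then-encode flow in the abstract and claims.
Not code from the patent: the config layout, marker format, context detection
and the simulated server are all assumptions made for this example."""
import html
import json
import secrets
from urllib.parse import parse_qsl, urlencode

# Assumed configuration file contents: for each page, which inputs are
# tracked and which output context (expected location) each should land in,
# plus the encoding definition for each context.
CONFIG = {
    "pages": {
        "/profile": {"name": "html_text", "nick": "html_attr", "greeting": "js_string"},
    },
    "encoders": {
        "html_text": lambda s: html.escape(s, quote=False),
        "html_attr": lambda s: html.escape(s, quote=True),
        # JSON string escaping, then < and > as \u escapes so "</script>" cannot close the block
        "js_string": lambda s: json.dumps(s)[1:-1].replace("<", "\\u003c").replace(">", "\\u003e"),
    },
}


def inbound(path, query):
    """Monitor the browser's request: identify the page's inputs, wrap each tracked
    value in a unique element, and save the (element -> value) pairs for the response."""
    page_inputs = CONFIG["pages"].get(path, {})
    token = secrets.token_hex(6)          # per-request, so elements cannot be guessed or replayed
    saved, forwarded = {}, []
    for n, (name, value) in enumerate(parse_qsl(query, keep_blank_values=True)):
        if name in page_inputs:
            element = f"@@{token}-{n}@@"  # assumed element format
            saved[element] = (name, value, page_inputs[name])
            forwarded.append((name, f"{element}{value}{element}"))
        else:
            forwarded.append((name, value))
    return urlencode(forwarded), saved


def context_at(body, pos):
    """Simplified classification of where position pos sits in an HTML response."""
    before = body[:pos].lower()
    if before.rfind("<script") > before.rfind("</script"):
        return "js_string"
    if before.rfind("<") > before.rfind(">"):
        return "html_attr"                # inside a tag, i.e. attribute context
    return "html_text"


def outbound(body, saved):
    """Monitor the server's response: locate each saved value by its unique element,
    check it sits in the expected location, encode it with the configured definition,
    and strip the element before the page is returned to the requester."""
    findings = []
    for element, (name, value, expected) in saved.items():
        wrapped = f"{element}{value}{element}"
        start = body.find(wrapped)
        while start != -1:
            actual = context_at(body, start)
            if actual == expected:
                encoded = CONFIG["encoders"][expected](value)
            else:
                # Value surfaced somewhere the config did not predict: apply the most
                # conservative encoding and record the mismatch for review (assumed policy).
                encoded = html.escape(value, quote=True)
                findings.append((name, expected, actual))
            body = body[:start] + encoded + body[start + len(wrapped):]
            start = body.find(wrapped, start + len(encoded))
    return body, findings


def fake_server(query):
    """Constructed stand-in for the web application: reflects inputs without encoding."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    return (
        "<p>Hello, {name}</p>\n"
        '<input value="{nick}">\n'
        '<script>var greeting = "{greeting}";</script>\n'
    ).format(**params)


def protect(path, query):
    """Full round trip through the monitoring layer for one request."""
    forwarded, saved = inbound(path, query)
    return outbound(fake_server(forwarded), saved)


if __name__ == "__main__":
    page, issues = protect("/profile", 'name=<b>Bob</b>&nick="quoted"&greeting=Hi</script>')
    print(page)
    print("mismatches:", issues)
```

Running it shows the three reflected values each encoded for the context they landed in (entity encoding in text, quote-aware entity encoding in the attribute, JSON plus `\u003c`/`\u003e` escaping inside the script block) and the unique elements removed from the returned page. The per-request random token matters: a fixed, predictable element would let a client supply the marker itself. The `findings` list is the place where a deployment would log a value that appeared outside its configured location, since that usually means the configuration and the application have drifted apart.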
Specification