Polluting results of vulnerability scans
Abstract
A security device may receive, from a server device, a response to a request. The request may be provided by an attacker device and may include a plurality of input values. The security device may determine the plurality of input values, included in the request, based on receiving the response. The security device may modify the response to form a modified response. The response may be modified to include information associated with the plurality of input values. The response may be modified in an attempt to prevent the attacker device from identifying a vulnerability, associated with the server device, based on the plurality of input values being included in the response. The security device may provide the modified response to the attacker device.
20 Claims
1. A security device, comprising:
a memory; and
one or more processors, operatively connected to the memory, to:
receive, from a server device, a response to a request, the request being provided by an attacker device and including a plurality of input values input via at least one input field of a website associated with the server device, the response including a reflected input value, of the plurality of input values, that is included in the request and reflected by the response;
determine the plurality of input values included in the request based on information received from the server device,
modify the response to form a modified response, the response being modified by adding information associated with a non-reflected input value, of the plurality of input values, that is included in the request but not reflected by the response, the response being modified in an attempt to prevent the attacker device from identifying a vulnerability, associated with the server device, based on the reflected input value being reflected in the response; and
provide the modified response to the attacker device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive, from a server device, a response associated with a request provided by an attacker device, the request including a set of inputs input by a user of the attacker device via at least one field of a website associated with the server device, the response including a reflected input, of the set of inputs, that is included in the request and reflected by the response;
obtain information that identifies the set of inputs included in the request based on information received from the server device,
modify the response to form a modified response, the response being modified by adding information associated with a non-reflected input, of the set of inputs, that is included in the request but not reflected by the response, the response being modified in an attempt to prevent the attacker device from receiving information that identifies a vulnerability, associated with the server device, based on the reflected input being reflected in the modified response; and
provide the modified response to the attacker device.
Dependent claims: 11, 12, 13, 14, 15.
16. A method, comprising:
receiving, by a security device, a response to a request, the request being provided to a server device by an attacker device and including input values, the input values being input via at least one input field of a website associated with the server device, the response being provided by the server device, and the response including a reflected input value, of the input values, that is included in the request and reflected by the response;
determining, by the security device, the input values included in the request based on information received from the server device,
modifying, by the security device, the response to generate a modified response, the response being modified by adding information associated with a non-reflective input value, of the input values, that is included in the request but not reflected by the response; and
providing, by the security device, the modified response to attempt to cause the attacker device to be unable to identify a vulnerability, associated with the server device, based on the reflected input value being reflected in the response.
Dependent claims: 17, 18, 19, 20.
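The mechanism the three independent claims describe, modelled as an added Python example (not the patent's own code or any product's implementation): the security device takes the input values from the request, checks which of them the server's response reflects, and adds the non-reflected ones to the response so a scanner that infers reflection vulnerabilities from "value sent == value seen" can no longer tell a real reflection from a polluted one. The query-string source of the input values and the hidden-element placement are assumptions; the request, response and values are constructed.

```python
import html
from urllib.parse import parse_qsl


def input_values_from_request(query_string: str) -> list[str]:
    """Input values the attacker submitted via the site's input fields.
    Assumption: the server hands the device the form-encoded query/body of
    the request together with its response."""
    return [value for _, value in parse_qsl(query_string, keep_blank_values=False)]


def reflected_values(input_values: list[str], body: str) -> list[str]:
    """Input values that the response body contains verbatim (what a
    reflection scan looks for)."""
    return [v for v in input_values if v in body]


def pollute_response(input_values: list[str], body: str) -> tuple[str, list[str]]:
    """Add the non-reflected input values to the response so that every
    submitted value appears in it. Returns (modified_body, values_added)."""
    non_reflected = [v for v in input_values if v not in body]
    if not non_reflected:
        return body, []
    # The values are HTML-escaped before insertion: an alphanumeric scanner
    # canary survives escaping unchanged, so the scanner's reflection check
    # still matches, while a probe carrying markup characters cannot create
    # a new injection point in the page. A scanner that additionally verifies
    # the raw context of the reflection is not fooled by this step alone.
    filler = ('<div hidden data-src="filler">'
              + " ".join(html.escape(v, quote=True) for v in non_reflected)
              + "</div>")
    if "</body>" in body:
        modified = body.replace("</body>", filler + "</body>", 1)
    else:
        modified = body + filler
    return modified, non_reflected


if __name__ == "__main__":
    # Constructed request and server response: only "alice" is truly reflected.
    values = input_values_from_request("name=alice&q=zqx7canary&page=2")
    response = "<html><body><h1>Hello alice</h1></body></html>"
    print("really reflected:", reflected_values(values, response))
    polluted, added = pollute_response(values, response)
    print("seen by scanner:", reflected_values(values, polluted))
    print("added:", added)
```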