
Polluting results of vulnerability scans

  • US 9,485,270 B2
  • Filed: 09/30/2013
  • Issued: 11/01/2016
  • Est. Priority Date: 09/30/2013
  • Status: Active Grant
First Claim

1. A security device, comprising:

  • a memory; and

    one or more processors, operatively connected to the memory, to:

    receive, from a server device, a response to a request, the request being provided by an attacker device and including a plurality of input values input via at least one input field of a website associated with the server device, the response including a reflected input value, of the plurality of input values, that is included in the request and reflected by the response;

    determine the plurality of input values included in the request based on information received from the server device, modify the response to form a modified response, the response being modified by adding information associated with a non-reflected input value, of the plurality of input values, that is included in the request but not reflected by the response, the response being modified in an attempt to prevent the attacker device from identifying a vulnerability, associated with the server device, based on the reflected input value being reflected in the response; and

    provide the modified response to the attacker device.
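
The response-modification step of the claim, sketched as an added example (not code from the patent or its assignee). It assumes the security device sees the request's query string and the server's HTML body; the function names, the hidden `div` carrier and the HTML-escaping of echoed values are choices of this example, not details the claim specifies.

```python
import html
import re
from urllib.parse import parse_qsl


def split_inputs(query: str, body: str):
    """Partition request inputs into (reflected, non_reflected) name/value pairs."""
    reflected, non_reflected = [], []
    for name, value in parse_qsl(query, keep_blank_values=False):
        # An input counts as reflected when its decoded value appears verbatim.
        (reflected if value in body else non_reflected).append((name, value))
    return reflected, non_reflected


def pollute_response(query: str, body: str) -> str:
    """Add every non-reflected input value to the response body.

    After this step all submitted values appear in the response, so the
    presence of a value no longer singles out the field the server reflects.
    """
    _, non_reflected = split_inputs(query, body)
    if not non_reflected:
        return body
    # Assumption of this example: echoed values are HTML-escaped so the
    # added markup cannot itself become an injection point.
    decoys = "".join(
        '<div hidden data-echo="{}">{}</div>'.format(
            html.escape(name, quote=True), html.escape(value, quote=True)
        )
        for name, value in non_reflected
    )
    # Insert before the last closing body tag, or append if there is none.
    closers = list(re.finditer(r"</body\s*>", body, re.IGNORECASE))
    if not closers:
        return body + decoys
    cut = closers[-1].start()
    return body[:cut] + decoys + body[cut:]


# Constructed sample: three inputs submitted, only "q" reflected by the server.
SAMPLE_QUERY = "q=zx41probe&lang=zx42probe&sort=zx43%3Cb%3E"
SAMPLE_BODY = "<html><body><p>Results for zx41probe</p></body></html>"

if __name__ == "__main__":
    print(pollute_response(SAMPLE_QUERY, SAMPLE_BODY))
```

Because the added values are escaped, a client that compares raw and encoded reflections can still tell them apart for inputs containing markup characters; plain alphanumeric markers become indistinguishable.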
