System and method for web application security

US 9,979,726 B2
Filed: 07/04/2014
Issued: 05/22/2018
Est. Priority Date: 07/04/2013
Status: Active Grant

First Claim

Patent Images

1. A method for generating a transformed web application code, the method comprising:

intercepting a web application code sent by at least one web server;

providing at least one script;

embedding the at least one script along with the intercepted web application code resulting in a transformed web application code, wherein the script collects and sends a representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client; and

building a deemed clean representation of the DOM structure of the transformed web application code, for comparison with the representation sent by the script at the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for detection and mitigation of client-side initiated security attack(s) to a web application is disclosed. A server component (SC) of the system is configured to intercept at least partially a web application code and/or data exchanged between a web server and one or more web browsers running on client devices respectively. The SC installs a script in the web application code intercepted from a web server before forwarding a transformed web application code to the a web browser. The CS when executed in a web browser of a client, causes the web browser to execute a loop which sweeps the document object model (DOM) structure of the webpage. Further, the CS sends a report containing the DOM structure and/or details on data to the SC. Using the received reports, SC concludes if tampering occurred at the client-side.

Citations

19 Claims

1. A method for generating a transformed web application code, the method comprising:
- intercepting a web application code sent by at least one web server;
  
  providing at least one script;
  
  embedding the at least one script along with the intercepted web application code resulting in a transformed web application code, wherein the script collects and sends a representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client; and
  
  building a deemed clean representation of the DOM structure of the transformed web application code, for comparison with the representation sent by the script at the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the providing the at least one script comprises:
    - installing at least one of a challenge token or a unique identification number in the at least one script; and
      
      protecting the at least one script with the at least one challenge token or unique identification number.
  - 3. The method of claim 1, further comprising protecting at least partially one of the intercepted web application code, the at least one script or the transformed web application code.
  - 4. The method of claim 3, wherein the protecting comprises at least one of obfuscating or encrypting the intercepted web application code, the at least one script or the transformed web application code one or more times.
  - 5. The method of claim 1, further comprising installing a unique identification number in the at least one script to detect attempts to reuse the same script.
  - 6. The method of claim 1, further comprising changing a programming language of at least a part of the intercepted web application code.
  - 7. The method of claim 1, further comprising changing an order of one or more programs of the intercepted web application code and the at least one script.
  - 8. The method of claim 1, wherein the script comprising a set of instructions to be executed at the client for initiating a key exchange protocol for establishing a shared secret key between the set of instructions executing on the client and a web server.
  - 9. The method of claim 1 further comprising establishing a secure tunnel for delivery of at least one of the at least one script and/or the transformed web application code to the client.
  - 10. The method of claim 1, further comprising:
    - obtaining the deemed clean representation of a document object model (DOM) structure of the intercepted web application code;
      
      comparing the representation of at least one client DOM structure received from the client with the deemed clean representation of the DOM structure, wherein the representation of the at least one client DOM structure is received subsequent to the execution of the transformed web application code on the client; and
      
      determining one or more tampering events that signify one or more security threats to the transformed web application code based upon the comparison.

11. A method for executing a transformed web application code, the method comprising:
- receiving the transformed web application code, wherein the transformed web application code comprises at least a web application code and a script wherein the script collects and sends a representation of at least one client document object model (DOM) structure of the transformed web application code at least once when executed on a client;
  
  executing the script to generate a loop for sweeping at least once a client document object model (DOM) structure of the web application code; and
  
  transmitting at least one representation of the client DOM structure to at least one web server for comparison with a deemed clean representation of the DOM structure of the transformed web application code at the server.
- View Dependent Claims (12)
- - 12. The method of claim 11 further comprising displaying at least one of a visual alert or an audio notification in case a tampering event is detected.

13. A web application protection system of a server configured to detect and mitigate security attacks on a web application code, the system comprising:
- a communication interface to intercept the web application code sent to a web server via a network;
  
  a processor configured to;
  
  build a deemed clean representation of a DOM structure of an intercepted web application code;
  
  embed at least one script with the intercepted web application code to produce the transformed web application code, wherein the at least one script triggers a loop to collect and send one or more client document object model (DOM) structures of the transformed web application code at least once when executed on the client;
  
  compare at least one representation of at least one client DOM structure received from a client with the deemed clean representation of the DOM structure, wherein the at least one representation of the at least one DOM structure is received subsequent to the execution of a transformed web application code on the client; and
  
  determine one or more tampering events that signify one or more security threats to the transformed web application code based upon the comparison.

14. A web application protection system of a server configured to detect and mitigate security attacks on a web application code, the system comprising:
- a communication interface to intercept the web application code sent to a web server via a network;
  
  a processor configured to;
  
  build a deemed clean representation of a DOM structure of an intercepted web application code;
  
  embed at least one script with the intercepted web application code to produce the transformed web application code, wherein the at least one script triggers a loop to collect and send one or more representations of client document object model (DOM) structures of the transformed web application code at least once when executed on the client;
  
  compare at least one representation of at least one client DOM structure received from a client with the deemed clean representation of the DOM structure, wherein the at least one representation of the at least one DOM structure is received subsequent to the execution of a transformed web application code on the client; and
  
  determine one or more tampering events that signify one or more security threats to the transformed web application code based upon the comparison.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the communication interface comprises one or more of a reverse proxy interface, a collaborating proxy interface or a remote proxy interface.
  - 16. The system of claim 14, wherein the processor is further configured to merge one or more variations produced to the deemed clean representation of the DOM structure.
  - 17. The system of claim 14, wherein the processor is further configured to share one or more variations ignored in the at least one representation of the at least one DOM structure received from the client across different installations of a server component.
  - 18. The system of claim 14, wherein the processor is further configured to notify at least one of the web server or the client in case one or more tampering event is determined.
  - 19. The system of claim 18, wherein the processor is further configured to notify at least one of the web server or the client in case even if one representation of the at least one client DOM structure is not received from the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jscrambler SA
Original Assignee
Jscrambler SA
Inventors
Freitas FOrtuna dos Santos, Antonio Pedro, Silvares Ribeiro, Rui Miguel, Gomes Silva, Filipe Manuel
Primary Examiner(s)
Dada, Beemnet
Assistant Examiner(s)
Gundry, Stephen

Application Number

US14/894,912
Publication Number

US 20160119344A1
Time in Patent Office

1,418 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 40/143   Markup, e.g. Standard Gener...

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

System and method for web application security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for web application security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links