NTO input validation technique
Abstract
This invention relates to an apparatus and method for an input validation and security server that validates and scans data information exchanged between a client and a server application. Input validation mistakes are at the heart of the major web application security problems. In web applications the inputs are the GPC, which stands for GET, POST, and COOKIES. This document uses PHP for its examples, but the concept applies to all web application languages.
57 Claims
1. A validation and security server for validating and scanning data information between a client and a server application, comprising:
a user interface with a plurality of data input modules which comprise data input fields for inputting data relating to the object of a web transaction, which user interface is operable for internet users by means of terminals electrically communicated with a network;
stored data rules assigned to the data input fields and validation means for verifying data values input via the data input fields on the basis of the assigned data rules, for requesting corrections via the user interface on the basis of the assigned data rules and for generating a validation result, characterized by stored commercial rules assigned to one or more of the data input fields;
evaluation means for evaluating the data value input via the data input fields on the basis of the assigned commercial rules and for generating a corresponding evaluation result, a plurality of different determination processes for indicating a desired data via the user interface; and
control means for activating a first one of the data input modules, for activating the evaluation means in the case of a positive validation result, and for automatically selecting and activating a further one of the data input modules in dependence on the evaluation result.
Dependent claims: 2 to 33.
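As an added illustration of the claim 1 arrangement applied to the GPC inputs named in the abstract (this is example code written for this page, not code from the patent): data rules are assigned per input field, the validation means produces a validation result plus correction requests, the commercial rules are evaluated only after a positive validation result, and a control step selects the next input module. All field names, rule sets and sample request values are assumed for illustration.

```php
<?php
// Added example (not the patent's own code): rule-driven validation of the GPC inputs
// (GET, POST, COOKIE). Every rule, field name and sample value below is constructed.
declare(strict_types=1);
// Data rules assigned to the fields of a hypothetical "shipping" input module.
$dataRules = [
    'country' => ['source' => 'post',   'pattern' => '/^[A-Z]{2}$/',            'required' => true],
    'qty'     => ['source' => 'post',   'pattern' => '/^[1-9][0-9]{0,2}$/',     'required' => true],
    'session' => ['source' => 'cookie', 'pattern' => '/^[a-f0-9]{32}$/',        'required' => true],
    'ref'     => ['source' => 'get',    'pattern' => '/^[A-Za-z0-9_-]{1,16}$/', 'required' => false],
];
// Validation means: check each field against its assigned data rule and collect
// correction requests for the user interface.
function validateInputs(array $rules, array $get, array $post, array $cookie): array
{
    $sources = ['get' => $get, 'post' => $post, 'cookie' => $cookie];
    $values = []; $corrections = [];
    foreach ($rules as $field => $rule) {
        $raw = $sources[$rule['source']][$field] ?? null;
        if ($raw === null || $raw === '') {
            if ($rule['required']) { $corrections[$field] = 'missing'; }
            continue;
        }
        // Non-strings (PHP turns foo[]=x into an array) and off-whitelist values are rejected.
        if (!is_string($raw) || preg_match($rule['pattern'], $raw) !== 1) {
            $corrections[$field] = 'invalid';
            continue;
        }
        $values[$field] = $raw;
    }
    return ['ok' => $corrections === [], 'values' => $values, 'corrections' => $corrections];
}
// Evaluation means: commercial rules, applied only to already-validated values.
function evaluateCommercial(array $values): string
{
    if (in_array($values['country'], ['US', 'CA'], true)) {
        return (int) $values['qty'] > 100 ? 'review' : 'payment';
    }
    return 'customs';
}
// Control means: validate first; on a positive result evaluate and pick the next module,
// otherwise re-activate the current module with the correction requests.
function nextModule(array $rules, array $get, array $post, array $cookie): array
{
    $v = validateInputs($rules, $get, $post, $cookie);
    if (!$v['ok']) { return ['module' => 'shipping', 'corrections' => $v['corrections']]; }
    return ['module' => evaluateCommercial($v['values']), 'corrections' => []];
}
// Constructed sample request for the shipping module.
print_r(nextModule($dataRules, ['ref' => 'promo-1'], ['country' => 'DE', 'qty' => '3'],
    ['session' => str_repeat('a', 32)]));
```

Replacing the constructed arrays with the real `$_GET`, `$_POST` and `$_COOKIE` superglobals is all that is needed to run the same rules against a live request.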
34. The validation and security network test embodied in at least one carrier wave comprising:
a plurality of first signal segments constituting scan modules for scanning executable programs on a web server to learn the vulnerabilities that the programs have to basic attack signatures; and
a second signal segment defining instructions for one of the scan modules to perform a scan of executable programs on the web server and to produce an output based on the scan, and for producing an input for implementation by the user interface based on the output.
35. The validation and security network test embodied in at least one carrier wave comprising:
a plurality of first signal segments constituting scan modules for scanning executable programs on a web server to learn the vulnerabilities that the programs have to basic attack signatures;
a second signal segment defining instructions for one of the scan modules to perform a scan of executable programs on the web server and to produce an output based on the scan, and for producing an input for implementation by the evaluation means based on the output; and
a third signal segment constituting instructions for formatting the output in the form of a data record having a plurality of data fields, and for formatting the input for implementation by the evaluation means in the form of a second data record having a plurality of second data fields.
36. A method for validating and scanning data information between a client and a server application, the method comprising:
providing a user interface with a plurality of data input modules which comprise data input fields for inputting data relating to the object of a web transaction, which user interface is operable for internet users by means of terminals electrically communicated with a network;
providing stored data rules assigned to the data input fields and validation means for verifying data values input via the data input fields on the basis of the assigned data rules, for requesting corrections via the user interface on the basis of the assigned data rules and for generating a validation result, characterized by stored commercial rules assigned to one or more of the data input fields;
providing evaluation means for evaluating the data value input via the data input fields on the basis of the assigned commercial rules and for generating a corresponding evaluation result, a plurality of different determination processes for indicating a desired data via the user interface; and
providing control means for activating a first one of the data input modules, for activating the evaluation means in the case of a positive validation result, and for automatically selecting and activating a further one of the data input modules in dependence on the evaluation result.
Dependent claims: 37 to 50 and 52 to 57.
51. The method of claim 51, characterized in that geographic data, user identification data and/or product identification data are in each case assigned to the sets of rules, and that the control means are adapted to select the set of rules to be applied in dependence on a geographic data value input, a data value for user identification input, and/or a data value for product identification input, respectively.