ATE540515T1 - Verfahren zur bereitstellung von webanwendungssicherheit - Google Patents
Verfahren zur bereitstellung von webanwendungssicherheitInfo
- Publication number
- ATE540515T1 ATE540515T1 AT07724163T AT07724163T ATE540515T1 AT E540515 T1 ATE540515 T1 AT E540515T1 AT 07724163 T AT07724163 T AT 07724163T AT 07724163 T AT07724163 T AT 07724163T AT E540515 T1 ATE540515 T1 AT E540515T1
- Authority
- AT
- Austria
- Prior art keywords
- http request
- remote client
- http
- web application
- application security
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1475—Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP06007879 | 2006-04-13 | ||
| PCT/EP2007/003222 WO2007118657A1 (en) | 2006-04-13 | 2007-04-11 | Method for providing web application security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| ATE540515T1 true ATE540515T1 (de) | 2012-01-15 |
Family
ID=38445977
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AT07724163T ATE540515T1 (de) | 2006-04-13 | 2007-04-11 | Verfahren zur bereitstellung von webanwendungssicherheit |
Country Status (6)
| Country | Link |
|---|---|
| US (1) | US20090292925A1 (de) |
| EP (1) | EP2005698B1 (de) |
| AT (1) | ATE540515T1 (de) |
| CA (1) | CA2648997A1 (de) |
| IL (1) | IL193975A (de) |
| WO (1) | WO2007118657A1 (de) |
Families Citing this family (60)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7162035B1 (en) | 2000-05-24 | 2007-01-09 | Tracer Detection Technology Corp. | Authentication method and system |
| US8171567B1 (en) | 2002-09-04 | 2012-05-01 | Tracer Detection Technology Corp. | Authentication method and system |
| JP2007287124A (ja) * | 2006-04-18 | 2007-11-01 | Softrun Inc | インターネット接続サイトの分析を通じたフィッシング防止方法及びその方法を実現するためのコンピュータプログラムを記録した記録媒体 |
| US7827311B2 (en) * | 2007-05-09 | 2010-11-02 | Symantec Corporation | Client side protection against drive-by pharming via referrer checking |
| US8578166B2 (en) * | 2007-08-06 | 2013-11-05 | Morgamon SA | System and method for authentication, data transfer, and protection against phishing |
| US8315951B2 (en) * | 2007-11-01 | 2012-11-20 | Alcatel Lucent | Identity verification for secure e-commerce transactions |
| US8091118B2 (en) * | 2007-12-21 | 2012-01-03 | At & T Intellectual Property I, Lp | Method and system to optimize efficiency when managing lists of untrusted network sites |
| US7995196B1 (en) | 2008-04-23 | 2011-08-09 | Tracer Detection Technology Corp. | Authentication method and system |
| US9059979B2 (en) * | 2009-02-27 | 2015-06-16 | Blackberry Limited | Cookie verification methods and apparatus for use in providing application services to communication devices |
| US9049247B2 (en) | 2010-04-01 | 2015-06-02 | Cloudfare, Inc. | Internet-based proxy service for responding to server offline errors |
| US8370940B2 (en) | 2010-04-01 | 2013-02-05 | Cloudflare, Inc. | Methods and apparatuses for providing internet-based proxy services |
| US8448231B2 (en) * | 2010-10-05 | 2013-05-21 | Guest Tek Interactive Entertainment Ltd. | Walled garden system for providing access to one or more websites that incorporate content from other websites and method thereof |
| CN102480490B (zh) * | 2010-11-30 | 2014-09-24 | 国际商业机器公司 | 一种用于防止csrf攻击的方法和设备 |
| US8370914B2 (en) * | 2010-12-15 | 2013-02-05 | Microsoft Corporation | Transition from WS-Federation passive profile to active profile |
| EP2498206A1 (de) | 2011-03-10 | 2012-09-12 | Adalbert Gubo | Verfahren und Vorrichtung zur Kontrolle von Mehrschrittprozessen |
| US8285808B1 (en) | 2011-05-20 | 2012-10-09 | Cloudflare, Inc. | Loading of web resources |
| WO2013009713A2 (en) * | 2011-07-08 | 2013-01-17 | Uab Research Foundation | Syntactical fingerprinting |
| CN103729768B (zh) * | 2012-10-15 | 2018-10-19 | 北京京东尚科信息技术有限公司 | 一种电子交易信息处理方法和装置 |
| US8996855B2 (en) * | 2012-11-14 | 2015-03-31 | Blackberry Limited | HTTP layer countermeasures against blockwise chosen boundary attack |
| US9356948B2 (en) | 2013-02-08 | 2016-05-31 | PhishMe, Inc. | Collaborative phishing attack detection |
| US8966637B2 (en) | 2013-02-08 | 2015-02-24 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
| US9231951B2 (en) * | 2013-11-01 | 2016-01-05 | Google Inc. | Probabilistically expedited secure connections via connection parameter reuse |
| US9906539B2 (en) | 2015-04-10 | 2018-02-27 | PhishMe, Inc. | Suspicious message processing and incident response |
| US10893009B2 (en) * | 2017-02-16 | 2021-01-12 | eTorch Inc. | Email fraud prevention |
| CN107528811A (zh) * | 2016-06-21 | 2017-12-29 | 中兴通讯股份有限公司 | 请求的响应方法及装置 |
| RU2649793C2 (ru) | 2016-08-03 | 2018-04-04 | ООО "Группа АйБи" | Способ и система выявления удаленного подключения при работе на страницах веб-ресурса |
| US11316895B1 (en) * | 2016-10-20 | 2022-04-26 | United Services Automobile Association (Usaa) | Method of generating and using credentials to detect the source of account takeovers |
| RU2637477C1 (ru) | 2016-12-29 | 2017-12-04 | Общество с ограниченной ответственностью "Траст" | Система и способ обнаружения фишинговых веб-страниц |
| RU2671991C2 (ru) * | 2016-12-29 | 2018-11-08 | Общество с ограниченной ответственностью "Траст" | Система и способ сбора информации для обнаружения фишинга |
| RU2689816C2 (ru) | 2017-11-21 | 2019-05-29 | ООО "Группа АйБи" | Способ для классифицирования последовательности действий пользователя (варианты) |
| RU2677361C1 (ru) | 2018-01-17 | 2019-01-16 | Общество с ограниченной ответственностью "Траст" | Способ и система децентрализованной идентификации вредоносных программ |
| RU2677368C1 (ru) | 2018-01-17 | 2019-01-16 | Общество С Ограниченной Ответственностью "Группа Айби" | Способ и система для автоматического определения нечетких дубликатов видеоконтента |
| RU2676247C1 (ru) | 2018-01-17 | 2018-12-26 | Общество С Ограниченной Ответственностью "Группа Айби" | Способ и компьютерное устройство для кластеризации веб-ресурсов |
| RU2668710C1 (ru) | 2018-01-17 | 2018-10-02 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Вычислительное устройство и способ для обнаружения вредоносных доменных имен в сетевом трафике |
| RU2680736C1 (ru) | 2018-01-17 | 2019-02-26 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Сервер и способ для определения вредоносных файлов в сетевом трафике |
| RU2681699C1 (ru) | 2018-02-13 | 2019-03-12 | Общество с ограниченной ответственностью "Траст" | Способ и сервер для поиска связанных сетевых ресурсов |
| US10826935B2 (en) * | 2018-04-24 | 2020-11-03 | International Business Machines Corporation | Phishing detection through secure testing implementation |
| CN110557358A (zh) * | 2018-05-31 | 2019-12-10 | 武汉安天信息技术有限责任公司 | 蜜罐服务器通信方法、SSLStrip中间人攻击感知方法及相关装置 |
| US10992759B2 (en) | 2018-06-07 | 2021-04-27 | Sap Se | Web application session security with protected session identifiers |
| US10972481B2 (en) * | 2018-06-07 | 2021-04-06 | Sap Se | Web application session security |
| RU2708508C1 (ru) | 2018-12-17 | 2019-12-09 | Общество с ограниченной ответственностью "Траст" | Способ и вычислительное устройство для выявления подозрительных пользователей в системах обмена сообщениями |
| RU2701040C1 (ru) | 2018-12-28 | 2019-09-24 | Общество с ограниченной ответственностью "Траст" | Способ и вычислительное устройство для информирования о вредоносных веб-ресурсах |
| WO2020176005A1 (ru) | 2019-02-27 | 2020-09-03 | Общество С Ограниченной Ответственностью "Группа Айби" | Способ и система идентификации пользователя по клавиатурному почерку |
| US11017064B2 (en) | 2019-05-14 | 2021-05-25 | Bank Of America Corporation | Authentication using interprogram communication |
| RU2728497C1 (ru) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Способ и система определения принадлежности программного обеспечения по его машинному коду |
| RU2728498C1 (ru) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Способ и система определения принадлежности программного обеспечения по его исходному коду |
| RU2743974C1 (ru) | 2019-12-19 | 2021-03-01 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Система и способ сканирования защищенности элементов сетевой архитектуры |
| SG10202001963TA (en) | 2020-03-04 | 2021-10-28 | Group Ib Global Private Ltd | System and method for brand protection based on the search results |
| US11475090B2 (en) | 2020-07-15 | 2022-10-18 | Group-Ib Global Private Limited | Method and system for identifying clusters of affiliated web resources |
| RU2743619C1 (ru) | 2020-08-06 | 2021-02-20 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Способ и система генерации списка индикаторов компрометации |
| US11582223B2 (en) | 2021-01-07 | 2023-02-14 | Bank Of America Corporation | Browser extension for validating communications |
| US11314841B1 (en) | 2021-01-07 | 2022-04-26 | Bank Of America Corporation | Web browser communication validation extension |
| US11947572B2 (en) | 2021-03-29 | 2024-04-02 | Group IB TDS, Ltd | Method and system for clustering executable files |
| NL2030861B1 (en) | 2021-06-01 | 2023-03-14 | Trust Ltd | System and method for external monitoring a cyberattack surface |
| RU2769075C1 (ru) | 2021-06-10 | 2022-03-28 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Система и способ активного обнаружения вредоносных сетевых ресурсов |
| US20230247081A1 (en) * | 2022-01-31 | 2023-08-03 | Salesforce.Com, Inc. | Declarative rendering of hypertext transfer protocol headers |
| US11991207B2 (en) * | 2022-03-14 | 2024-05-21 | Bank Of America Corporation | Anti-phish, personalized, security token for use with electronic communications |
| US11991172B2 (en) | 2022-03-29 | 2024-05-21 | Bank Of America Corporation | Double anti-phish, personalized, security token for use with electronic communications |
| US12003646B2 (en) | 2022-04-18 | 2024-06-04 | Bank Of America Corporation | Storage locations for anti-phish, personalized, security tokens for use with electronic communications |
| US20230336587A1 (en) * | 2022-04-18 | 2023-10-19 | Bank Of America Corporation | Anti-phish network for securing electronic communications |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7954144B1 (en) * | 2000-01-18 | 2011-05-31 | Novell, Inc. | Brokering state information and identity among user agents, origin servers, and proxies |
| US8005965B2 (en) * | 2001-06-30 | 2011-08-23 | International Business Machines Corporation | Method and system for secure server-based session management using single-use HTTP cookies |
| US20040054898A1 (en) * | 2002-08-28 | 2004-03-18 | International Business Machines Corporation | Authenticating and communicating verifiable authorization between disparate network domains |
| US8578462B2 (en) * | 2003-12-12 | 2013-11-05 | Avaya Inc. | Method and system for secure session management in a web farm |
| US20060080735A1 (en) * | 2004-09-30 | 2006-04-13 | Usa Revco, Llc | Methods and systems for phishing detection and notification |
| US8132242B1 (en) * | 2006-02-13 | 2012-03-06 | Juniper Networks, Inc. | Automated authentication of software applications using a limited-use token |
-
2007
- 2007-04-11 US US12/296,062 patent/US20090292925A1/en not_active Abandoned
- 2007-04-11 WO PCT/EP2007/003222 patent/WO2007118657A1/en active Application Filing
- 2007-04-11 AT AT07724163T patent/ATE540515T1/de active
- 2007-04-11 EP EP07724163A patent/EP2005698B1/de active Active
- 2007-04-11 CA CA002648997A patent/CA2648997A1/en not_active Abandoned
-
2008
- 2008-09-09 IL IL193975A patent/IL193975A/en not_active IP Right Cessation
Also Published As
| Publication number | Publication date |
|---|---|
| CA2648997A1 (en) | 2007-10-25 |
| EP2005698A1 (de) | 2008-12-24 |
| IL193975A (en) | 2013-11-28 |
| WO2007118657A1 (en) | 2007-10-25 |
| EP2005698B1 (de) | 2012-01-04 |
| US20090292925A1 (en) | 2009-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| ATE540515T1 (de) | Verfahren zur bereitstellung von webanwendungssicherheit | |
| DE602007001336D1 (de) | Abhängigkeitsmeldung | |
| WO2007138423A3 (en) | Method and system for providing remote access to applications | |
| WO2014190337A3 (en) | Requesting proximate resources by learning devices | |
| RU2014140732A (ru) | Способ и система для обеспечения удаленного доступа к состоянию прикладной программы | |
| WO2006068969A3 (en) | Method and device for publishing cross-network user behavioral data | |
| WO2010014544A3 (en) | Client device, information processing system and associated methodology of accessing networked sevices | |
| TR201905420T4 (tr) | Bir cihazın ve buna karşılık gelen cihazın uzaktan yönetim yöntemi. | |
| WO2008106361A3 (en) | Hierarchical temporal memory (htm) system deployed as web service | |
| WO2012121846A3 (en) | Automatic entry of calendar events | |
| EP2472829A8 (de) | Verfahren, Systeme und Vorrichtungen zum horizontal skalierbaren, hochverfügbaren dynamischen inhaltsbasierten Routing | |
| WO2008016694A3 (en) | Improved distribution of content on a network | |
| MX2009003549A (es) | Ejecucion fuera de linea de aplicaciones basadas en web. | |
| DE602005021550D1 (de) | Verfahren und einrichtung zur ermöglichung des zugriffs auf geschützte informationen für einen benutzer einer internet-anwendung | |
| WO2007076074A3 (en) | System and method for cross-domain social networking | |
| WO2009108732A3 (en) | Electronic profile development, storage, use and systems for taking action based thereon | |
| ATE537652T1 (de) | Gemeinsame benutzung von multimedia-inhalt in einer peer-to-peer-konfiguration | |
| CL2007001510A1 (es) | Metodos y dispositivos de computacion cliente que permiten delegar credenciales de usuario desde el dispositivo de computacion cliente a un dispositivo de computacion seridor en una red de computacion, eventualmente en una sola conexion, y obtener seguro a recursos del servidor. | |
| WO2013032515A3 (en) | Systems and methods for application identification | |
| EP1909462A3 (de) | Verfahren zur unterteilten Bereitstellung eines elektronischen Dienstes | |
| FI20115168L (fi) | Menetelmä ja laitejärjestely kiinteistöjen etähallinnan toteuttamiseksi | |
| BR112013004094A2 (pt) | isim transferível por download. | |
| WO2008135620A8 (es) | Acceso desde un terminal remoto a la información de un terminal móvil | |
| JP2018514102A5 (de) | ||
| ATE540519T1 (de) | Verfahren und vorrichtung zur gemeinsamen nutzung von verbindungen von gemeinsamem interesse zwischen kommunikationsgeräten |