CN109426502A - A security assurance method for a front-end/back-end separated architecture - Google Patents

Publication number: CN109426502A
Authority: CN (China)
Prior art keywords: authority, client, request, code, backend services
Legal status: Withdrawn
Application number: CN201710539051.5A
Other languages: Chinese (zh)
Inventor: 马明
Current Assignee: Potevio Information Technology Co Ltd; Putian Information Technology Co Ltd
Original Assignee: Putian Information Technology Co Ltd
Application filed by: Putian Information Technology Co Ltd
Priority to: CN201710539051.5A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/41 Compilation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment

Abstract

The present invention provides a security assurance method for a front-end/back-end separated architecture, comprising: obtaining key code and sensitive data; compiling the key code and sensitive data with LLVM to obtain intermediate code; compiling the intermediate code with LLVM to obtain object code and generating object files; and linking the object files together with a linker to generate an executable file, which is integrated into a Black smoker. The invention also provides a client in a front-end/back-end separated architecture, comprising several business modules and a Black smoker. With the method and client provided by the invention, the client's key code and sensitive data are compiled into object code, object files are generated, and the result is finally integrated into the Black smoker. Because object code consists mainly of numbers and characters, a thief cannot recognize the key code and sensitive data once they have been compiled into object code and cannot analyze the code logic with code-cracking tools, so the client's key code and sensitive data cannot be stolen.

Description

A security assurance method for a front-end/back-end separated architecture
Technical field
The present invention relates to the field of information security technology, and more particularly to a security assurance method for a front-end/back-end separated architecture.
Background
The WEB (World Wide Web), i.e. the global wide area network, also referred to as WWW, is a global, dynamically interactive, cross-platform distributed graphical information system. It is a network service built on the Internet that gives viewers a graphical, easily accessible and intuitive interface for searching and browsing information on the Internet; its documents and hyperlinks organize the information nodes on the Internet into an interrelated mesh structure.
In current WEB projects, architectures that separate the front end from the back end (usually meaning the client and the server) are very common and are widely used in all kinds of projects, such as single-page applications and Cordova. The back end is responsible only for providing data and computation, not for presentation; the front end, after receiving the data, organizes and presents it. Such an architecture has a clear structure and a separation of concerns, so the front end and back end become relatively independent and loosely coupled. One purpose of this separation is a specialized division of labor, which improves project quality and development efficiency and also reduces the front end's dependence on the back end.
At present, the front end of such an architecture generally relies on JavaScript encryption, source-code obfuscation and similar means to keep front-end source code and important data from being stolen. These methods only reduce the readability of the source code and are not reliable: client-side debugging and analysis tools, such as Google's developer tools, can still trace and analyze the code and reveal its logic, so the security of front-end source code and important data cannot be fully ensured.
Summary of the invention
To overcome the above problem, or at least partially solve it, the present invention provides a security assurance method for a front-end/back-end separated architecture.
According to one aspect of the invention, a security assurance method for a front-end/back-end separated architecture is provided, comprising: obtaining key code and sensitive data; compiling the key code and sensitive data with LLVM to obtain intermediate code; compiling the intermediate code with LLVM to obtain object code and generating object files; and linking the object files together with a linker to generate an executable file, which is integrated into a Black smoker.
After the key code and sensitive data are compiled with LLVM to obtain the intermediate code, the method further comprises: optimizing the intermediate code with LLVM.
After the object files are linked together with the linker to generate the executable file and integrated into the Black smoker, the method further comprises: generating a front-end business request, and adding the authority saved by the Black smoker to the front-end business request to generate a back-end business request; and sending the back-end business request to the server end, so that the server end performs identity authentication according to the authority carried by the back-end business request.
Before the front-end business request is generated, the method further comprises: when a user login is detected, generating an authority generation request and sending it to the server end, so that the server end returns an authority according to the authority generation request; and receiving the authority and saving it to the Black smoker.
Another aspect of the invention provides a security assurance method for a front-end/back-end separated architecture, comprising: receiving a back-end business request sent by a client; and performing identity authentication according to the authority carried by the back-end business request.
After identity authentication is performed according to the authority carried by the back-end business request, the method further comprises: if the identity authentication passes, performing security authentication on the back-end business request; and if the security authentication of the back-end business request passes, performing the corresponding business processing according to the back-end business request.
Before the back-end business request sent by the client is received, the method further comprises: receiving an authority generation request sent by the client and performing security authentication on the authority generation request; if the security authentication of the authority generation request passes, generating an authority; and returning the authority to the client, so that the client saves the authority to the Black smoker.
Another aspect of the invention provides a client in a front-end/back-end separated architecture, comprising several business modules and a Black smoker. The Black smoker is generated by integrating object files, and the object files are generated by compiling the client's key code and sensitive data. The Black smoker is used to prevent the client's key code and sensitive data from being stolen, and to save the authority used for identity authentication in business requests.
Another aspect of the invention provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium. The computer program comprises program instructions which, when executed by a computer, cause the computer to perform the above method.
Another aspect of the invention provides a non-transitory computer-readable storage medium storing a computer program that causes a computer to perform the above method.
In the security assurance method provided by the invention, the client's key code and sensitive data are compiled into object code, object files are generated, and the result is finally integrated into the Black smoker. Because object code consists mainly of numbers and characters, a thief cannot recognize the key code and sensitive data once they have been compiled into object code and cannot analyze the code logic with code-cracking tools, so the client's key code and sensitive data cannot be stolen.
Brief description of the drawings
To explain the technical solutions of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the security assurance method for a front-end/back-end separated architecture according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the LLVM architecture according to an embodiment of the invention;
Fig. 3 is a flow chart of a client requesting a service according to an embodiment of the invention;
Fig. 4 is a flow chart of authority generation according to an embodiment of the invention;
Fig. 5 is a schematic diagram of the client in the front-end/back-end separated architecture according to an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
One embodiment of the invention provides a security assurance method for a front-end/back-end separated architecture, comprising: S11, obtaining key code and sensitive data; S12, compiling the key code and sensitive data with LLVM to obtain intermediate code; S13, compiling the intermediate code with LLVM to obtain object code and generating object files; S14, linking the object files together with a linker to generate an executable file, which is integrated into a Black smoker.
Specifically, the client (Client) is the counterpart of the server end (Server) and provides local services to the user. Apart from some applications that run only locally, client programs are generally installed on ordinary client machines and must cooperate with the server end to run. Since the development of the Internet, common clients include the web browsers used for the WWW, e-mail clients used to send and receive e-mail, and instant-messaging client software. Applications of this kind need corresponding servers and service programs on the network to provide the corresponding services, such as database services and e-mail services. In a front-end/back-end separated architecture, a specific communication connection is established between the client and the server end to guarantee that the application runs normally.
The client normally faces the user, and its source code and important data are easily attacked. At present, clients generally use source-code compression, obfuscation, encryption and similar means to keep their source code and important data from being stolen or attacked, but these methods only reduce the readability of the source code and are not reliable.
LLVM is a framework system for building compilers; its structure is shown in Fig. 2. The LLVM core libraries provide compiler-related support and can serve as the back end of compilers for many languages (such as C, C++, Objective-C and Swift). LLVM provides a well-formed intermediate representation (IR), and the core libraries implement compile-time optimization, link-time optimization, code generation and so on. LLVM is a collection of modular and reusable compiler and toolchain components.
In this embodiment, before the client program is installed on an ordinary client machine, the key code and sensitive data in the client software that need protection are first compiled into intermediate code by the LLVM front end. The intermediate code is then compiled into object code by the LLVM back end and written to object files, and the linker links the object files together to generate an executable file, such as an unreadable JS file, which is integrated into the Black smoker. After the intermediate code is obtained, it is also optimized by LLVM.
In computer science, object code is the code that a compiler or assembler produces after processing source code; it generally consists of machine code. An object file is a computer file that stores object code and is often called a binary file. An object file contains machine code and the data the machine code uses at run time, such as relocation information and the program symbols used for linking or debugging, and may additionally contain other debugging information.
Machine code, also called machine language, is a system of instructions and data that the target machine understands directly. It consists mainly of numbers and characters, and code-cracking tools cannot analyze its code logic. Once the key code and sensitive data have gone through the compilation process above and become object code, they therefore cannot be stolen by analyzing the code logic. After integration into the Black smoker, the user neither needs to know nor can learn the content of the machine code: the client's business modules call functions in the Black smoker through interfaces, and the key logic and operations are completed inside the Black smoker.
The key code in this embodiment includes the key code of the business modules and other code that needs protection. The key code of the business modules is the core code of each business module of the client; other code that needs protection is document code that should not be visible to users who view the web page source. Sensitive data is data involving users' personal information.
In this embodiment, the client's key code and sensitive data are compiled into object code, object files are generated, and the result is finally integrated into the Black smoker. Because object code consists mainly of numbers and characters, a thief cannot recognize the key code and sensitive data once they have been compiled into object code and cannot analyze the code logic with code-cracking tools, so the client's key code and sensitive data cannot be stolen.
Building on the above embodiment, after the object files are linked together with the linker to generate the executable file and integrated into the Black smoker, the method further comprises: generating a front-end business request, and adding the authority saved by the Black smoker to the front-end business request to generate a back-end business request; and sending the back-end business request to the server end, so that the server end performs identity authentication according to the authority carried by the back-end business request.
Specifically, in a front-end/back-end separated architecture, a user who wants to obtain information must send a business request through the client, and the server end can respond to the client only after it has received the request and processed it. During this process the user's information travels over the Internet and may be accessed by other, unknown network servers. If that information is the user's private personal information, data may leak and cause a network security problem.
The most basic protection is that a user can obtain the desired information from the server end only after passing identity authentication, which involves authentication at both the client and the server end. Client-side authentication means that the client program checks the legitimacy of the information the user enters. For example, when a user logs in to a personal website, the login page requires the user to enter legitimate information as requested; only then does the client pass the information to the server end, where authentication continues. In general, client-side authentication mainly means filtering data with VBS, JavaScript or the like before a form is submitted. This works for most users, but once a user configures the browser to forbid script execution, all client-side authentication fails. Authenticating the information a user enters only at the client has proved to be very dangerous, so authentication must continue at the server end.
In this embodiment, as shown in Fig. 3, a business module of the client issues a front-end business request and calls an interface of the Black smoker. The Black smoker processes the front-end business request and adds the saved authority to it, generating a back-end business request. The client sends the back-end business request to the server end. Because the back-end business request carries the authority, the server end can perform identity authentication according to that authority. This avoids the situation in which identity authentication is impossible because the front end and back end are not deployed on the same application server, communicate through cross-domain access, and therefore inherently lack a session.
The data exchanged while the client requests a service from the server end is transmitted over an HTTPS secure channel. The HTTP protocol sends content in plaintext and provides no data encryption of any kind; an attacker who intercepts the messages between the client and the server end can read their content directly, so HTTP is not suitable for transmitting sensitive information such as credit card numbers and passwords. HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel designed for security and is widely used for security-sensitive communication on the WWW. In this embodiment, the data exchanged while the client sends a business request to the server end is transmitted over the HTTPS secure channel, which guarantees that the request data will not be intercepted by an attacker and so protects the authority and the business request data during the request.
Building on the above embodiment, before the front-end business request is generated, the method further comprises: when a user login is detected, generating an authority generation request and sending it to the server end, so that the server end returns an authority according to the authority generation request; and receiving the authority and saving it to the Black smoker.
Specifically, as shown in Fig. 4, after the user logs in to the client with the registered account and password, the registration business module calls an interface of the Black smoker to generate an authority generation request and sends the request to the server end over the secure channel. The security authentication module of the server end receives the request and performs security authentication. If the security authentication finds the request illegitimate, the authority application fails. If it finds the request legitimate, the security authentication module calls the authority management module to request an authority; the authority management module returns the generated authority to the security authentication module, which passes it to the client over the secure channel. The client passes the authority to the Black smoker, which keeps and protects it.
Another embodiment of the invention provides a security assurance method for a front-end/back-end separated architecture, comprising: receiving a back-end business request sent by a client; performing identity authentication according to the authority carried by the back-end business request; if the identity authentication passes, performing security authentication on the back-end business request; and if the security authentication of the back-end business request passes, performing the corresponding business processing according to the back-end business request.
Specifically, as shown in Fig. 3, the user requests a service through the client, and the server end can respond to the client only after it has received the request and processed it. In this process, when the user sends a cross-domain request to the server end through the client, a client business module calls an interface of the Black smoker. The Black smoker responds to the call, generates the corresponding front-end business request, and encrypts, encapsulates and converts it into a back-end business request; adding the authority to the front-end business request is part of this encryption, encapsulation and conversion. The back-end business request is sent to the server end. On receiving it, the server end first has the identity authentication module authenticate the request, filtering out impersonated requests. A request that passes identity authentication is then processed by the security authentication module, which guarantees the integrity and legitimacy of the data. Once the request is confirmed legitimate, it is decoded and sent to the service response module for business processing. If identity authentication or security authentication fails, the client's request is denied access and the server end refuses to perform the business processing.
By using the authority for identity authentication while the client requests a service from the server end, this embodiment further strengthens the secure transmission and handling of sensitive data between client and server in a front-end/back-end separated architecture.
Building on the above embodiment, before the back-end business request sent by the client is received, the method further comprises: receiving an authority generation request sent by the client and performing security authentication on the authority generation request; if the security authentication of the authority generation request passes, generating an authority; and returning the authority to the client, so that the client saves the authority to the Black smoker.
Specifically, as shown in Fig. 4, the server end receives the authority generation request sent by the client, and its security authentication module receives the request and performs security authentication. If the security authentication finds the request illegitimate, the authority application fails. If it finds the request legitimate, the security authentication module calls the authority management module to request an authority; the authority management module returns the generated authority to the security authentication module, which passes it to the client over the secure channel.
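The server-side flow of Fig. 3 and Fig. 4 described above, as an added example that is not part of the patent. The patent does not specify the format of the authority or what security authentication checks beyond integrity and legitimacy, so the HMAC-signed authority, the per-authority request key handed to the client at login, the timestamp window, the status codes and all function names here are assumptions.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # constructed value; load from a secret store
MAX_SKEW = 300                        # assumed freshness window in seconds


def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _enc(raw):
    return base64.urlsafe_b64encode(raw).decode()


def generate_authority(user, now, ttl=900):
    """Fig. 4, authority management module: issue an authority after login.

    Returns the authority plus a request key; the client keeps both in the
    Black smoker (the request key is an assumption of this example).
    """
    claims = json.dumps({"sub": user, "exp": now + ttl}, sort_keys=True).encode()
    authority = _enc(claims) + "." + _enc(_mac(SERVER_KEY, b"auth|" + claims))
    return authority, _mac(SERVER_KEY, b"req|" + claims)


def build_backend_request(authority, request_key, body, now):
    """Fig. 3, client side: add the authority to a front-end business request."""
    payload = json.dumps(body, sort_keys=True)
    tag = _mac(request_key, f"{now}|{payload}".encode())
    return {"authority": authority, "ts": now, "payload": payload, "mac": _enc(tag)}


def authenticate_identity(authority, now):
    """Identity authentication module: return (user, claims) or None."""
    try:
        claims_b64, tag_b64 = authority.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        # Constant-time comparison; a forged or altered authority stops here.
        if not hmac.compare_digest(tag, _mac(SERVER_KEY, b"auth|" + claims)):
            return None
        data = json.loads(claims)
    except (AttributeError, ValueError):
        return None  # missing, malformed or undecodable authority
    if data.get("exp", 0) <= now:
        return None  # expired authority
    return data.get("sub"), claims


def security_authenticate(request, claims, now):
    """Security authentication module: integrity and freshness of the request."""
    try:
        ts = int(request["ts"])
        payload = request["payload"]
        tag = base64.urlsafe_b64decode(request["mac"])
    except (KeyError, TypeError, ValueError):
        return False
    request_key = _mac(SERVER_KEY, b"req|" + claims)  # recomputed, no session state
    expected = _mac(request_key, f"{ts}|{payload}".encode())
    return abs(now - ts) <= MAX_SKEW and hmac.compare_digest(tag, expected)


def handle_backend_request(request, now):
    """Server pipeline of Fig. 3: business processing only if both checks pass."""
    identity = authenticate_identity(request.get("authority"), now)
    if identity is None:
        return 401, "identity authentication failed"
    user, claims = identity
    if not security_authenticate(request, claims, now):
        return 403, "security authentication failed"
    # Stand-in for the service response module.
    return 200, {"user": user, "body": json.loads(request["payload"])}


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    authority, key = generate_authority("alice", t0)
    req = build_backend_request(authority, key, {"action": "get_profile"}, t0 + 10)
    print(handle_backend_request(req, t0 + 12))
    print(handle_backend_request(dict(req, payload='{"action": "x"}'), t0 + 12))
```

Because the server recomputes the request key from the authority's claims, it needs no session state, which matches the cross-domain, session-less deployment the description is concerned with.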
Another embodiment of the invention, with reference to Fig. 5, provides a client in a front-end/back-end separated architecture, comprising several business modules and a Black smoker. The Black smoker is generated by integrating object files, and the object files are generated by compiling the client's key code and sensitive data. The Black smoker is used to prevent the client's key code and sensitive data from being stolen, and to save the authority used for identity authentication in business requests.
The client comprises several business modules, which face the user, respond to the user's operations and perform the corresponding functions. The client further comprises a Black smoker, which is generated by integrating object files that are themselves generated by compiling the client's key code and sensitive data. The Black smoker prevents the client's key code and sensitive data from being stolen and saves the authority used for identity authentication while the client requests a service from the server end. Through the Black smoker, the client thus prevents its key code and sensitive data from being stolen and also protects the authority used for identity authentication.
Another embodiment of the invention provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium. The computer program comprises program instructions which, when executed by a computer, enable the computer to perform the methods provided by the method embodiments above, for example: obtaining key code and sensitive data; compiling the key code and sensitive data with LLVM to obtain intermediate code; compiling the intermediate code with LLVM to obtain object code and generating object files; and linking the object files together with a linker to generate an executable file, which is integrated into a Black smoker.
Another embodiment of the invention provides a non-transitory computer-readable storage medium storing a computer program that causes a computer to perform the methods provided by the method embodiments above, for example: obtaining key code and sensitive data; compiling the key code and sensitive data with LLVM to obtain intermediate code; compiling the intermediate code with LLVM to obtain object code and generating object files; and linking the object files together with a linker to generate an executable file, which is integrated into a Black smoker.
Those of ordinary skill in the art will understand that all or some of the steps of the method embodiments above can be carried out by hardware under the control of computer program instructions. The computer program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes any medium that can store program code, such as ROM, RAM, magnetic disks or optical disks.
From the description of the embodiments above, those skilled in the art will clearly understand that each embodiment can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the technical solution above, in essence or in the part that contributes over the prior art, can be embodied as a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in parts of the embodiments.
Finally, it should be noted that the embodiments above only illustrate the technical solutions of the invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in those embodiments or replace some of their technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (10)

1. a kind of method for protecting of front and back end separation architecture characterized by comprising
Obtain key code and sensitive data;
The key code and sensitive data are compiled by LLVM, obtain intermediate code;
The intermediate code is compiled by the LLVM, obtains object code, and generate file destination;
The file destination is linked together into generation executable file by linker, and is integrated into Black smoker.
2. the method for protecting of front and back end separation architecture according to claim 1, which is characterized in that described by described LLVM is compiled the key code and sensitive data, after acquisition intermediate code, further includes:
The intermediate code is optimized by the LLVM.
3. the method for protecting of front and back end separation architecture according to claim 1, which is characterized in that described to pass through link The file destination is linked together generation executable file by device, and is integrated into after Black smoker, further includes:
Front-end business request is generated, the authority that the Black smoker is saved is added to the front-end business request, generates Backend services request;
Backend services request is sent to the server end, so that the server end is requested according to the backend services The authority carried carries out authentication.
4. the method for protecting of front and back end separation architecture according to claim 3, which is characterized in that the generation front end Before service request, further includes:
When detecting that user logs in, generates authority and generate request, and be sent to server end, so that the server end is according to institute It states authority and generates the request return authority;
It receives the authority and saves to the Black smoker.
5. A method for protecting a front and back end separation architecture, characterized by comprising:
Receiving the backend services request sent by a client;
Carrying out authentication according to the authority carried by the backend services request.
6. The method for protecting a front and back end separation architecture according to claim 5, characterized in that, after the authentication is carried out according to the authority carried by the backend services request, the method further includes:
If the authentication passes, carrying out safety certification on the backend services request;
If the safety certification of the backend services request passes, performing the corresponding business processing according to the backend services request.
7. The method for protecting a front and back end separation architecture according to claim 5, characterized in that, before the backend services request sent by the client is received, the method further includes:
Receiving the authority generation request sent by the client, and carrying out safety certification on the authority generation request;
If the safety certification of the authority generation request passes, generating the authority;
Returning the authority to the client, so that the client saves the authority to the Black smoker.
8. A client in a front and back end separation architecture, characterized by comprising: several business modules and a Black smoker, wherein the Black smoker is generated by integrating a file destination, the file destination is generated by compiling the key code and sensitive data of the client, and the Black smoker is used for preventing the key code and sensitive data of the client from being stolen and saves the authority used for authentication in service requests.
9. A computer program product, characterized in that the computer program product includes a computer program stored on a non-transient computer readable storage medium, the computer program includes program instructions, and when the program instructions are executed by a computer, the computer is caused to execute the method according to any one of claims 1 to 7.
10. A non-transient computer readable storage medium, characterized in that the non-transient computer readable storage medium stores a computer program, and the computer program causes the computer to execute the method according to any one of claims 1 to 7.
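The exchange in claims 3 to 7, as an added example that is not part of the patent: the "authority" is treated as a session credential that the server issues at login, the client stores and attaches to each request, and the server checks before any business processing. The HMAC-signed format, the lifetime, the action allow-list and every function and class name are assumptions, since the claims do not specify them.

```python
import hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-only secret, never shipped to the client
TTL = 900                             # assumption: credential lifetime in seconds
ALLOWED_ACTIONS = {"get_profile"}     # assumption: stand-in for the request-level check in claim 6

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_credential(user, login_ok, now=None):
    """Claim 7: vet the generation request, then generate and return the credential."""
    if not login_ok:  # stand-in for the check on the generation request
        return None
    now = time.time() if now is None else now
    payload = json.dumps({"sub": user, "exp": int(now) + TTL,
                          "jti": secrets.token_hex(8)}, sort_keys=True)
    return payload + "." + _sign(payload)

def verify_credential(cred, now=None):
    """Claim 5: identity check on the credential carried by the request."""
    if not isinstance(cred, str):
        return None
    payload, _, sig = cred.rpartition(".")
    if not payload or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None  # missing, truncated or tampered
    claims = json.loads(payload)
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] >= now else None  # reject expired

class CredentialStore:
    """Client-side stand-in for the store that claims 3 and 4 save the credential to."""
    def __init__(self):
        self._cred = None
    def save(self, cred):
        self._cred = cred
    def wrap(self, front_end_request):
        # Claim 3: front-end request + stored credential = back-end service request
        return {**front_end_request, "credential": self._cred}

def handle_backend_request(req, now=None):
    """Claims 5 and 6: identity check, then request check, then business processing."""
    user = verify_credential(req.get("credential"), now)
    if user is None:
        return 401, "identity verification failed"
    if req.get("action") not in ALLOWED_ACTIONS:
        return 403, "request rejected"
    return 200, f"{req['action']} for {user}"
```

The server rejects a request before any business logic runs if the credential is absent, altered or expired, which is the ordering claim 6 requires.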
CN201710539051.5A 2017-07-04 2017-07-04 A kind of method for protecting of front and back end separation architecture Withdrawn CN109426502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710539051.5A CN109426502A (en) 2017-07-04 2017-07-04 A kind of method for protecting of front and back end separation architecture

Publications (1)

Publication Number Publication Date
CN109426502A (en) 2019-03-05

Family

ID=65497630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710539051.5A Withdrawn CN109426502A (en) 2017-07-04 2017-07-04 A kind of method for protecting of front and back end separation architecture

Country Status (1)

Country Link
CN (1) CN109426502A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888410A (en) * 2012-12-19 2014-06-25 卓望数码技术(深圳)有限公司 Application authentication method and system
CN104881611A (en) * 2014-02-28 2015-09-02 国际商业机器公司 Method and apparatus for protecting sensitive data in software product
CN105912381A (en) * 2016-04-27 2016-08-31 华中科技大学 Compile-time code security detection method based on rule base

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20190305
