PT3130123T - Deteção de manipulação de aplicações - Google Patents

Deteção de manipulação de aplicações

Info

Publication number
PT3130123T
PT3130123T PT15712379T PT15712379T PT3130123T PT 3130123 T PT3130123 T PT 3130123T PT 15712379 T PT15712379 T PT 15712379T PT 15712379 T PT15712379 T PT 15712379T PT 3130123 T PT3130123 T PT 3130123T
Authority
PT
Portugal
Prior art keywords
manipulation
applications
detection
Prior art date
Application number
PT15712379T
Other languages
English (en)
Original Assignee
Hdiv Security S L
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hdiv Security S L filed Critical Hdiv Security S L
Publication of PT3130123T publication Critical patent/PT3130123T/pt

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
PT15712379T 2014-04-11 2015-03-27 Deteção de manipulação de aplicações PT3130123T (pt)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP14382140 2014-04-11

Publications (1)

Publication Number Publication Date
PT3130123T true PT3130123T (pt) 2021-10-15

Family

ID=50624533

Family Applications (1)

Application Number Title Priority Date Filing Date
PT15712379T PT3130123T (pt) 2014-04-11 2015-03-27 Deteção de manipulação de aplicações

Country Status (6)

Country Link
US (1) US10581905B2 (pt)
EP (1) EP3130123B1 (pt)
DK (1) DK3130123T3 (pt)
ES (1) ES2892849T3 (pt)
PT (1) PT3130123T (pt)
WO (1) WO2015155028A1 (pt)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10129285B2 (en) * 2016-04-27 2018-11-13 Sap Se End-to-end taint tracking for detection and mitigation of injection vulnerabilities in web applications
CN115052037B (zh) * 2022-08-12 2022-12-27 北京搜狐新动力信息技术有限公司 客户端检测方法、装置、存储介质和设备

Family Cites Families (106)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0950968A4 (en) * 1997-08-13 2004-05-19 Matsushita Electric Ind Co Ltd MOBILE ELECTRONIC TRADING SYSTEM
US6112319A (en) * 1998-02-20 2000-08-29 Micron Electronics, Inc. Method and system for verifying the accuracy of stored data
US6877095B1 (en) * 2000-03-09 2005-04-05 Microsoft Corporation Session-state manager
US20020091991A1 (en) * 2000-05-11 2002-07-11 Castro Juan Carlos Unified real-time microprocessor computer
US6826443B2 (en) * 2001-11-29 2004-11-30 Agilent Technologies, Inc. Systems and methods for managing interaction with a presentation of a tree structure in a graphical user interface
US7664845B2 (en) * 2002-01-15 2010-02-16 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7243148B2 (en) * 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7152105B2 (en) * 2002-01-15 2006-12-19 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7543056B2 (en) * 2002-01-15 2009-06-02 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7257630B2 (en) * 2002-01-15 2007-08-14 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7596804B2 (en) * 2002-07-02 2009-09-29 Aol Llc Seamless cross-site user authentication status detection and automatic login
US7472413B1 (en) * 2003-08-11 2008-12-30 F5 Networks, Inc. Security for WAP servers
US7032042B2 (en) * 2003-09-10 2006-04-18 Intel Corporation Request conversion
US7565538B2 (en) * 2004-04-05 2009-07-21 Microsoft Corporation Flow token
US7207065B2 (en) * 2004-06-04 2007-04-17 Fortify Software, Inc. Apparatus and method for developing secure software
JP4789933B2 (ja) * 2004-06-04 2011-10-12 フォーティファイ ソフトウェア, エルエルシー セキュアーソフトウェアを開発し、テストし、監視するための装置および方法
US8266676B2 (en) * 2004-11-29 2012-09-11 Harris Corporation Method to verify the integrity of components on a trusted platform using integrity database services
US20060123167A1 (en) * 2004-12-08 2006-06-08 Jeppsen Roger C Request conversion
US7757282B2 (en) * 2005-05-20 2010-07-13 Microsoft Corporation System and method for distinguishing safe and potentially unsafe data during runtime processing
US20060271917A1 (en) * 2005-05-31 2006-11-30 Microsoft Corporation State-based source code annotation
US20070157156A1 (en) * 2005-12-29 2007-07-05 Microsoft Corporation Information models and the application life cycle
US7788235B1 (en) * 2006-09-29 2010-08-31 Symantec Corporation Extrusion detection using taint analysis
WO2008047351A2 (en) * 2006-10-19 2008-04-24 Checkmarx Ltd. Locating security vulnerabilities in source code
US7895601B2 (en) * 2007-01-10 2011-02-22 International Business Machines Corporation Collective send operations on a system area network
US20080184208A1 (en) * 2007-01-30 2008-07-31 Sreedhar Vugranam C Method and apparatus for detecting vulnerabilities and bugs in software applications
US7870610B1 (en) * 2007-03-16 2011-01-11 The Board Of Directors Of The Leland Stanford Junior University Detection of malicious programs
US8051486B2 (en) * 2007-05-24 2011-11-01 Oracle International Corporation Indicating SQL injection attack vulnerability with a stored value
US8677141B2 (en) * 2007-11-23 2014-03-18 Microsoft Corporation Enhanced security and performance of web applications
US8045553B2 (en) * 2008-08-04 2011-10-25 Ciena Corporation Processing, forming, modifying, and comparing packet data structures
US8830845B2 (en) * 2008-08-04 2014-09-09 Ciena Corporation Packet switch modeling and using a packet switch model to test a packet switch
US20100037317A1 (en) * 2008-08-06 2010-02-11 Jeong Wook Oh Mehtod and system for security monitoring of the interface between a browser and an external browser module
US9264443B2 (en) * 2008-08-25 2016-02-16 International Business Machines Corporation Browser based method of assessing web application vulnerability
US8429633B2 (en) * 2008-11-21 2013-04-23 International Business Machines Corporation Managing memory to support large-scale interprocedural static analysis for security problems
US8347393B2 (en) * 2009-01-09 2013-01-01 Hewlett-Packard Development Company, L.P. Method and system for detecting a state of a web application using a signature
US8006140B2 (en) * 2009-05-05 2011-08-23 Oracle International Corporation Diagnostic solution for web service process flows
US8365290B2 (en) * 2009-05-15 2013-01-29 Frederick Young Web application vulnerability scanner
US8578342B2 (en) * 2009-07-14 2013-11-05 International Business Machines Corporation Fault detection and localization in dynamic software applications requiring user inputs and persistent states
US20110016456A1 (en) * 2009-07-14 2011-01-20 International Business Machines Corporation Generating additional user inputs for fault detection and localization in dynamic software applications
US8516449B2 (en) * 2009-07-14 2013-08-20 International Business Machines Corporation Detecting and localizing security vulnerabilities in client-server application
WO2011073982A1 (en) * 2009-12-15 2011-06-23 Seeker Security Ltd. Method and system of runtime analysis
US8640216B2 (en) * 2009-12-23 2014-01-28 Citrix Systems, Inc. Systems and methods for cross site forgery protection
US9210184B2 (en) * 2009-12-29 2015-12-08 International Business Machines Corporation Determining the vulnerability of computer software applications to attacks
US9058489B2 (en) * 2010-01-25 2015-06-16 Samsung Electronics Co., Ltd. Marking documents with executable text for processing by computing systems
US8997217B2 (en) * 2010-01-25 2015-03-31 Samsung Electronics Co., Ltd. Safely processing and presenting documents with executable text
US8615804B2 (en) * 2010-02-18 2013-12-24 Polytechnic Institute Of New York University Complementary character encoding for preventing input injection in web applications
US8850219B2 (en) * 2010-05-13 2014-09-30 Salesforce.Com, Inc. Secure communications
US8819637B2 (en) * 2010-06-03 2014-08-26 International Business Machines Corporation Fixing security vulnerability in a source code
US8914879B2 (en) * 2010-06-11 2014-12-16 Trustwave Holdings, Inc. System and method for improving coverage for web code
US8572574B2 (en) * 2010-07-16 2013-10-29 Fujitsu Limited Solving hybrid constraints to validate specification requirements of a software module
US20120017119A1 (en) * 2010-07-16 2012-01-19 Fujitsu Limited Solving Hybrid Constraints to Generate Test Cases for Validating a Software Module
US20120017200A1 (en) * 2010-07-16 2012-01-19 Fujitsu Limited Solving Hybrid Constraints to Validate a Security Software Module for Detecting Injection Attacks
US9021586B2 (en) * 2010-07-20 2015-04-28 At&T Intellectual Property I, L.P. Apparatus and methods for preventing cross-site request forgery
US10375107B2 (en) * 2010-07-22 2019-08-06 International Business Machines Corporation Method and apparatus for dynamic content marking to facilitate context-aware output escaping
US10372899B2 (en) * 2010-07-22 2019-08-06 International Business Machines Corporation Method and apparatus for context-aware output escaping using dynamic content marking
US8656496B2 (en) * 2010-11-22 2014-02-18 International Business Machines Corporations Global variable security analysis
US8898776B2 (en) * 2010-12-28 2014-11-25 Microsoft Corporation Automatic context-sensitive sanitization
US8646088B2 (en) * 2011-01-03 2014-02-04 International Business Machines Corporation Runtime enforcement of security checks
US20120192280A1 (en) * 2011-01-20 2012-07-26 Board Of Trustees Of The University Of Illinois Apparatus for enhancing web application security and method therefor
US8627465B2 (en) * 2011-04-18 2014-01-07 International Business Machines Corporation Automatic inference of whitelist-based validation as part of static analysis for security
US8949992B2 (en) * 2011-05-31 2015-02-03 International Business Machines Corporation Detecting persistent vulnerabilities in web applications
US8931102B2 (en) * 2011-06-01 2015-01-06 International Business Machines Corporation Testing web applications for file upload vulnerabilities
US9032528B2 (en) * 2011-06-28 2015-05-12 International Business Machines Corporation Black-box testing of web applications with client-side code evaluation
US20130019314A1 (en) * 2011-07-14 2013-01-17 International Business Machines Corporation Interactive virtual patching using a web application server firewall
US8955111B2 (en) * 2011-09-24 2015-02-10 Elwha Llc Instruction set adapted for security risk monitoring
US9460290B2 (en) * 2011-07-19 2016-10-04 Elwha Llc Conditional security response using taint vector monitoring
US9298918B2 (en) * 2011-11-30 2016-03-29 Elwha Llc Taint injection and tracking
US9443085B2 (en) * 2011-07-19 2016-09-13 Elwha Llc Intrusion detection using taint accumulation
US9118713B2 (en) * 2011-09-26 2015-08-25 The Board Of Trustees Of The University Of Illinois System and a method for automatically detecting security vulnerabilities in client-server applications
US8572750B2 (en) * 2011-09-30 2013-10-29 International Business Machines Corporation Web application exploit mitigation in an information technology environment
US9032529B2 (en) * 2011-11-30 2015-05-12 International Business Machines Corporation Detecting vulnerabilities in web applications
US20130160132A1 (en) * 2011-12-14 2013-06-20 Polina Genova Cross-site request forgery protection
US20130179863A1 (en) * 2012-01-11 2013-07-11 Microsoft Corporation Bug variant detection using program analysis and pattern identification
US9191285B1 (en) * 2012-03-14 2015-11-17 Domo, Inc. Automatic web service monitoring
US9015831B2 (en) * 2012-08-08 2015-04-21 Synopsys, Inc Method and apparatus for static taint analysis of computer program code
US9256511B2 (en) * 2012-09-04 2016-02-09 International Business Machines Corporation Computer software application self-testing
US9141807B2 (en) * 2012-09-28 2015-09-22 Synopsys, Inc. Security remediation
US9292693B2 (en) * 2012-10-09 2016-03-22 International Business Machines Corporation Remediation of security vulnerabilities in computer software
US8850581B2 (en) * 2012-11-07 2014-09-30 Microsoft Corporation Identification of malware detection signature candidate code
WO2014076773A1 (ja) * 2012-11-13 2014-05-22 富士通株式会社 ネットワークのフィルタリング装置、及びフィルタリング方法
US9635033B2 (en) * 2012-11-14 2017-04-25 University Of Virginia Patent Foundation Methods, systems and computer readable media for detecting command injection attacks
US20140157419A1 (en) * 2012-12-05 2014-06-05 International Business Machines Corporation Discovery of application vulnerabilities involving multiple execution flows
US9171150B2 (en) * 2012-12-14 2015-10-27 Salesforce.Com, Inc. System and method for dynamic analysis tracking objects for application dataflow
US9171169B2 (en) * 2012-12-14 2015-10-27 Salesforce.Com, Inc. System and method for dynamic analysis wrapper objects for application dataflow
US9177137B2 (en) * 2012-12-14 2015-11-03 Salesforce.Com, Inc. System and method for dynamic analysis tracking object associations for application dataflow
US9170908B2 (en) * 2012-12-14 2015-10-27 Salesforce.Com, Inc. System and method for dynamic analysis bytecode injection for application dataflow
US20140208428A1 (en) * 2013-01-23 2014-07-24 International Business Machines Corporation Mitigating security risks via code movement
US9507943B1 (en) * 2013-02-19 2016-11-29 Amazon Technologies, Inc. Analysis tool for data security
US9384354B2 (en) * 2013-02-20 2016-07-05 International Business Machines Corporation Rule matching in the presence of languages with no types or as an adjunct to current analyses for security vulnerability analysis
US9471533B1 (en) * 2013-03-06 2016-10-18 Amazon Technologies, Inc. Defenses against use of tainted cache
US9405915B2 (en) * 2013-03-14 2016-08-02 Whitehat Security, Inc. Techniques for correlating vulnerabilities across an evolving codebase
US9569334B2 (en) * 2013-03-14 2017-02-14 Whitehat Security, Inc. Techniques for traversing representations of source code
US9178908B2 (en) * 2013-03-15 2015-11-03 Shape Security, Inc. Protecting against the introduction of alien content
US10630714B2 (en) * 2013-05-29 2020-04-21 Lucent Sky Corporation Method, system, and computer program product for automatically mitigating vulnerabilities in source code
US9158922B2 (en) * 2013-05-29 2015-10-13 Lucent Sky Corporation Method, system, and computer-readable medium for automatically mitigating vulnerabilities in source code
CN105164690A (zh) * 2013-07-12 2015-12-16 惠普发展公司,有限责任合伙企业 分析目标软件的安全漏洞
WO2015011827A1 (ja) * 2013-07-26 2015-01-29 富士通株式会社 情報処理装置、フィルタリングシステム、フィルタリング方法、及びフィルタリングプログラム
US10129284B2 (en) * 2013-09-25 2018-11-13 Veracode, Inc. System and method for automated configuration of application firewalls
GB2519159A (en) * 2013-10-14 2015-04-15 Ibm Security testing of web applications with specialised payloads
US9152796B2 (en) * 2013-10-30 2015-10-06 Salesforce.Com, Inc. Dynamic analysis interpreter modification for application dataflow
US20150121532A1 (en) * 2013-10-31 2015-04-30 Comsec Consulting Ltd Systems and methods for defending against cyber attacks at the software level
US20150156209A1 (en) * 2013-12-04 2015-06-04 Karen Heart Process Using Universal Sanitization to Prevent Injection Attacks
US9356955B2 (en) * 2014-03-15 2016-05-31 Kenneth F. Belva Methods for determining cross-site scripting and related vulnerabilities in applications
US9485268B2 (en) * 2014-04-04 2016-11-01 International Business Machines Corporation System, method and apparatus to visually configure an analysis of a program
US9454659B1 (en) * 2014-08-15 2016-09-27 Securisea, Inc. Software vulnerabilities detection system and methods
US9824214B2 (en) * 2014-08-15 2017-11-21 Securisea, Inc. High performance software vulnerabilities detection system and methods
US9805203B2 (en) * 2015-04-21 2017-10-31 Sap Se Cooperative static and dynamic analysis of web application code for finding security vulnerabilities

Also Published As

Publication number Publication date
DK3130123T3 (da) 2021-10-04
EP3130123B1 (en) 2021-07-07
US10581905B2 (en) 2020-03-03
ES2892849T3 (es) 2022-02-07
WO2015155028A1 (en) 2015-10-15
US20170041340A1 (en) 2017-02-09
EP3130123A1 (en) 2017-02-15

Similar Documents

Publication Publication Date Title
HK1231471A1 (zh) -雜芳氧基-和 芳氧基-喹啉- -甲酰胺及其用途
SG11201609265RA (en) Characterizing states of subject
IL240153B (en) Line of block detection
GB2537553B (en) Proximity detection
IL251988A0 (en) Compounds acting on glycans and methods of using them
PL3152226T3 (pl) Modyfikowane cyklopentapeptydy i ich zastosowania
HUE050761T2 (hu) Vegyületek és alkalmazási eljárások
SI3845221T1 (sl) Trdne oblike sofosbuvirja
IL246979A0 (en) Crystalline forms of sofosbuvir
IL247919A0 (en) A device for detecting disease states and its applications
GB201417384D0 (en) Detection of polymyxins
SG11201610430QA (en) Growth-independent detection of cells
GB201411568D0 (en) Detection
GB201402316D0 (en) Provision of predetermined fluid
PT3130123T (pt) Deteção de manipulação de aplicações
GB2544217B (en) Chlorination of sucrose-6-esters
GB201406694D0 (en) Detection of microscopic objects
GB201403697D0 (en) Compounds and methods of use
IL249332A0 (en) Crystalline forms of sofosbuvir
GB2531867B (en) Multiplication of three numbers
GB201514623D0 (en) Detection of microorganisms
GB201414267D0 (en) Chlorination of sucrose-6-esters
GB201418230D0 (en) Construction of surfaces
GB201412124D0 (en) Rapid detection of medical conditions
GB201501010D0 (en) An item of wootwear