WO2020204847A1 - A system for security of websites - Google Patents

A system for security of websites

Info

Publication number
WO2020204847A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
website
security system
user
short text
Application number
PCT/TR2019/050220
Other languages
French (fr)
Inventor
Fikri ACIMIŞ
Original Assignee
Cosmoscell Bi̇li̇şi̇m Ve Telekomüni̇kasyon Ti̇caret Li̇mi̇ted Şi̇rketi̇
Application filed by Cosmoscell Bi̇li̇şi̇m Ve Telekomüni̇kasyon Ti̇caret Li̇mi̇ted Şi̇rketi̇
Priority to PCT/TR2019/050220
Publication of WO2020204847A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/554: Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

This invention relates to a security system designed to assure that website owners can ensure the security of their sites and receive notifications. The security system described herein notifies the website admin via short text message (SMS) in case of any attack on the website or any attempted attack.

Description

A SYSTEM FOR SECURITY OF WEBSITES
Technical Field
The invention is about a security system developed for the purpose of assuring security of website owners, websites and assuring notifications are delivered to them.
State of the Art
World Wide Web (referred to briefly as WWW or the Web) is an information system composed of hypertext documents available on the Internet and connected to each other. Each of these documents is called a Webpage, and computer programs installed on the Internet user’s computer and known as Web browsers are used to access these Webpages. A website and pages on the web are collections of documents composed of all pages offering information or service to the visitor in text, visual and animation formats. A website functions as a visual presentation to the visitor by assuring access to and display of the necessary files. Besides, websites offer display of items over a special IP address, although this is not used very often currently.
A website can be static or dynamic. A static website is a site that is monotone or seldom updated. The contents are not changed frequently. Generally, these are sites that will not have any changes over a long period of time. Contribution of visitors or members is next to nothing. The site is entirely organized by the person setting up the site. Visitors are able to view on their browsers any visual document in GIF, JPEG and PNG formats produced by using visual graphic editors such as Photoshop and Fireworks and using layouts. A static webpage offers information or visual presentation in the most recent configuration without any updates unless it is changed by the person setting up the pages. A dynamic website can be set up in a manner customized for each user or each visit. Each user around the world can have access to content different from that of other users when s/he logs in to a site with her/his username. This different content can be the colors, theme and music of the website, authority levels on the website etc. In today’s world of internet, dynamic sites are the popular sites. There are different languages used all around the world for creating this dynamism. These software languages, which allow these pages to be dynamic and to be updated continuously by the producer or visitor, are improved by means of innovations introduced by developers of producer and software languages. Although ASP.NET and ASP developed by Microsoft are accepted and used by a certain segment, another scripting and programming language known as PHP, perhaps the most commonly used, is also preferred frequently. Real time data flow languages such as JavaScript, jQuery, Flash and Silverlight, which assist these software languages used for dynamic contents on the pages and which even enable using all pages in a dynamic format, can also be used. A concept known as Web 2.0 emerged at the beginning of 2008. This concept refers to the new generation website. Although speed and coding do not change that much, these sites are set up with combinations such as color coordination, more sophisticated transitions, round corners and use of contrast colors together.
The security level of a website depends on the files and code uploaded to the servers where the site is registered and runs. However, there are a number of measures to be taken by the website owner for security. Several PHP applications might create files that are not common at the stage of installation. It is vital to monitor these files which are created on the server and seem to be suspicious. It is possible to eliminate the security vulnerabilities of a former CMS (content management system) by upgrading the web application in use to new versions. It is observed that hacker attacks targeting particularly WordPress and Joomla websites frequently take advantage of software that is used but not updated. Account passwords with the remember me option enabled can be stolen from the FTP client by using cookies. Thus, users should manually type in the passwords each time rather than activating this feature. The hosting password on cPanel and, if a site with an admin panel such as Joomla or WordPress is used, the admin panel password should be changed to a complicated password. The database user password should also be changed to a difficult password. As a matter of fact, a simple database password and username, once obtained, can be first used to connect to the MySQL database and then to upload to the FTP directory by changing the admin panel password. Each database and web application uploaded to an account is a possible access point for hackers. It is possible to minimize the risk by removing software which has not been used for a long period of time and is thus outdated and a potential threat. Disabling the file upload option on the browser will be a significant security measure. One of the most significant security vulnerabilities in terms of internet site security is access to a website from an unsecure computer. Viruses, malware and keyloggers can cause a threat by secretly infecting the website files on the computer. The most practical method is to regularly scan any personal computer by using a reliable virus program.
In conclusion, the need for a website security system that eliminates disadvantages on the existing technology and insufficiency of the current solutions require improving the related technical area.
Object of the Invention
The current invention is about a system that meets the requirements mentioned above, eliminates all disadvantages and introduces some additional advantages as well as offering notifications and assuring website security.
Based on the state of art, the purpose of this invention is to notify the website admin in case of incidents such as attacks on the website and searching for site vulnerabilities and to allow the website admin to take necessary measures immediately thanks to the security system designed.
The purpose of the invention is to immediately inform the website admin about incidents causing a security risk since the security system designed can send short text messages in case of such incidents.
Another purpose of the invention is to assure more effective protection since the security system informs about the page under attack and the party attacking the page as well as notifying the risky situations.
Another purpose of the invention is to assure that the site admin has instant information about the site since the security system notifies about a number of incidents related to the website such as subscribers, payments etc. as well as notifying the risky situations.
Another purpose of the invention is to assure easy installation and use on all websites having different contents since the security system designed can be integrated on an existing website through API documentation.
Structural and characteristic features of the invention and all its advantages can be clearly understood from the detailed description given below and thus the assessment should be made by taking into consideration these detailed explanations.
Detailed Description of the Invention
This detailed description explains the subject matter of the invention, which is the security system designed to enable website owners to assure site security and receive notifications, and this explanation is only provided as an example for clarifying the subject matter without restricting it in any way. Today, almost all websites come up against attacks and site vulnerability searches. Failing to take immediate action on websites can lead to incidents such as theft and fraud. The security system mentioned herein is designed to prevent such incidents that put the site owners on the spot. The security system mentioned herein notifies the website admin with a short text message (SMS) in case of any attack on the website or any attempted attack on the website.
The short text message informs the admin about the page under attack, the security vulnerability used and the IP number of the person attacking the site thanks to the API and functions used by the security system. API (Application Programming Interface) is an interface offered by an application for the purpose of making its capabilities available to another application. IP address (Internet Protocol Address) is the address used by devices connected to the internet or to other packet switching networks using the TCP/IP protocol for exchanging data with each other over the network. Each computer connecting to the internet is assigned an IP address by the Internet Service Provider and other computers on the internet use this address to have access to this computer. Two different devices having an IP address can communicate with each other through the routers even if they are not on the network at the same time.
Another feature of the security system described herein is to give notifications about not only incidents risky in terms of security but also about other incidents related to the website. After integrating and starting to use the security system described herein, all actions on the user’s website are notified to the user via notifications. For example, new subscribers registering to e-commerce sites offering online shopping service, payments made by subscribers, orders received and all other actions on the site are notified to the user in short text message format. On the other hand, the user can customize the contents of the notifications described herein and sent as short text messages, and select the incidents to be notified.
The first requirement for installation of the security system described herein is integration of the system to the user’s site. The integration process is done on the security system with API documentation. The security system mentioned herein can be easily integrated on panels in the PHP language. PHP is a server-side, general purpose scripting and programming language that is designed for the internet, offers a wide range of use options and can be embedded in HTML. Use in other languages requires transformation into the programming language to be used. The security system shall be operational after integration. The security system mentioned herein has three notification systems: short text message, voice message and e-mail. These notifications are provided to the user simultaneously. The API system provided does not cause any security vulnerability but solely filters the data received and notifies about the harmful data. This enables eliminating the security risks that impact the user. The API designed for the Security Notification System is delivered to the user. This API can be integrated into the website directory, the entire software on the website, or pages also connected to the website’s database. The data sent after installing the security system enters into the filter system developed and the filter system sorts out the data received. If the sorted data successfully passes through the filter system, the data is deleted on the API; if any pirated or malicious software is detected, detailed notifications are sent to the website admin simultaneously through three different channels: short text message, voice message and e-mail. There will be no connection to the user’s database while integrating the security system mentioned herein on the website and thus there will be no access to the information. Thus, persons using this software are not exposed to any risk.
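One way the filter-then-notify flow described above could look in PHP, given here as an added example that is not code from the patent or its applicant. The detection rules, all function names, the 300-second alert cooldown and the stub notification channels are assumptions; the patent specifies none of them.

```php
<?php
declare(strict_types=1);
// Illustrative rules only (assumption: the patent names no detection logic). Patterns this
// coarse produce false positives; a real deployment would tune them.
const RULES = [
    'sql_injection'  => '/\bunion\b.{0,40}\bselect\b|\bor\s+\d+\s*=\s*\d+/i',
    'xss'            => '/<\s*script\b|\bon[a-z]+\s*=|javascript:/i',
    'path_traversal' => '/\.\.[\/\\\\]/',
];

/** Return the name of the first rule matched by any request value, or null if clean. */
function inspect_request(array $params): ?string
{
    $hit = null;
    array_walk_recursive($params, function ($value) use (&$hit): void {
        if ($hit !== null || !is_string($value)) {
            return;
        }
        $decoded = rawurldecode($value); // also catch values that arrive percent-encoded
        foreach (RULES as $name => $pattern) {
            if (preg_match($pattern, $decoded) === 1) {
                $hit = $name;
                return;
            }
        }
    });
    return $hit;
}

/** Build the short text (page, rule, source IP). The page path is attacker-influenced. */
function build_alert(string $page, string $rule, string $ip): string
{
    $page = substr((string) preg_replace('/[^\x20-\x7E]/', '?', $page), 0, 60);
    return substr("ALERT {$rule} on {$page} from {$ip}", 0, 160); // fits one SMS segment
}

/** Allow one alert per rule and IP per cooldown window, so a scan cannot flood the admin. */
function should_send(string $key, int $now, array &$lastSent, int $cooldown = 300): bool
{
    if (isset($lastSent[$key]) && $now - $lastSent[$key] < $cooldown) {
        return false;
    }
    $lastSent[$key] = $now;
    return true;
}

/** Send on every channel; one failing gateway must not stop the others. */
function notify_all(string $message, array $channels): array
{
    $status = [];
    foreach ($channels as $name => $send) {
        try {
            $send($message);
            $status[$name] = 'sent';
        } catch (Throwable $e) {
            $status[$name] = 'failed';
        }
    }
    return $status;
}

/** Filter one request. Returns true when clean; request data is never stored. */
function filter_request(array $server, array $params, array $channels, array &$lastSent, int $now): bool
{
    $rule = inspect_request($params);
    if ($rule === null) {
        return true;
    }
    // REMOTE_ADDR is the socket peer; client-set headers such as X-Forwarded-For are not trusted.
    $ip = $server['REMOTE_ADDR'] ?? 'unknown';
    $page = explode('?', $server['REQUEST_URI'] ?? '/', 2)[0]; // path only, no query payload
    if (should_send("{$rule}|{$ip}", $now, $lastSent)) {
        notify_all(build_alert($page, $rule, $ip), $channels);
    }
    return false;
}

// Constructed sample data: stub channels record messages instead of calling real gateways.
$outbox = [];
$channels = [
    'sms'   => function (string $m) use (&$outbox): void { $outbox[] = "sms: {$m}"; },
    'voice' => function (string $m): void { throw new RuntimeException('gateway down'); },
    'email' => function (string $m) use (&$outbox): void { $outbox[] = "email: {$m}"; },
];
$server = ['REMOTE_ADDR' => '203.0.113.7', 'REQUEST_URI' => '/product.php?id=1'];
$lastSent = [];
var_dump(filter_request($server, ['id' => '42'], $channels, $lastSent, 1000));
var_dump(filter_request($server, ['id' => '1 UNION SELECT name FROM users'], $channels, $lastSent, 1000));
var_dump(filter_request($server, ['id' => '1 UNION SELECT 2'], $channels, $lastSent, 1060)); // inside cooldown
print_r($outbox);
```

The filter only reads request values and the two server fields, which matches the description's point that no connection to the site's database is needed.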
In a preferred application of the invention, the notifications sent by the security system are sent to the user as electronic mail rather than in short text message format. Users not preferring to use a mobile phone can monitor the notifications and list of actions on the website on a computer by logging onto their electronic mail account.
The protection scope of this application is specified on the claims section and the example provided above does not restrict the generality of those in any way. It is clear that a person specialized in this technique can execute the innovation explained herein by also using similar structures and / or apply this structure on other areas with similar purposes used in the technique. Thus, it is clear that such structures will lack the criteria of innovation and exceeding the limits of the state of art, particularly if we take into consideration existence of our application.

Claims

1. A security system designed to assure that website owners ensure security of their sites and receive notifications, characterized in that, it includes the following process steps:
- Integration with existing website through API documentation,
- Sending instant notifications to the user in case of risk situations such as attack on the website or search for security vulnerabilities on the site,
- Notification sent to the user for activities such as subscription and payment on the website.
2. A security system according to Claim 1 and it is characterized with offering process step of instantly notifying the user via short text message in case of risky incidents such as attack on site and search for security vulnerabilities.
3. A security system according to Claim 1 and it is characterized with offering process step of instantly notifying the user about the page under attack, security vulnerability searched and IP number of the attacker via the short text message mentioned above.
4. A security system according to Claim 1 and the security system described herein is characterized with its triple notification system; namely short text message, voice message and e-mail.
5. A security system according to Claim 1 and the security system described herein is characterized with a filter system designed to receive data after installation of the system and process step of sorting out data on the filter system after such data enters into the filter system.
6. A security system according to Claim 1 and it is characterized with the process step of deleting the sorted data on API after successfully passing through the filter system and notifying the website admin in detail and simultaneously using three different channels, namely short text message, voice message and e-mail if pirated or malicious software is detected.
PCT/TR2019/050220 2019-04-04 2019-04-04 A system for security of websites WO2020204847A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/TR2019/050220 WO2020204847A1 (en) 2019-04-04 2019-04-04 A system for security of websites

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/TR2019/050220 WO2020204847A1 (en) 2019-04-04 2019-04-04 A system for security of websites

Publications (1)

Publication Number Publication Date
WO2020204847A1 true WO2020204847A1 (en) 2020-10-08

Family

ID=72667254

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2019/050220 WO2020204847A1 (en) 2019-04-04 2019-04-04 A system for security of websites

Country Status (1)

Country Link
WO (1) WO2020204847A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160127408A1 (en) * 2014-10-31 2016-05-05 NxLabs Limited Determining vulnerability of a website to security threats
CN107800670A (en) * 2016-09-05 2018-03-13 百度在线网络技术(北京)有限公司 Method and apparatus for early warning web portal security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19922559

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19922559

Country of ref document: EP

Kind code of ref document: A1