WO2020204847A1 - A system for security of websites - Google Patents
- Publication number
- WO2020204847A1 (PCT/TR2019/050220)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security
- website
- security system
- user
- short text
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This invention relates to a security system designed to assure that website owners can ensure security of their sites and receive notifications. The security system described herein notifies the website admin via short text message (SMS) in case of any attack on the website or any attempted attack.
Description
A SYSTEM FOR SECURITY OF WEBSITES
Technical Field
The invention is about a security system developed for the purpose of assuring security of website owners, websites and assuring notifications are delivered to them.
State of the Art
World Wide Web (referred to briefly as WWW or Web) is an information system composed of hyper-text documents available on the Internet and connected to each other. Each of these documents is called a Webpage, and computer programs installed on the Internet user’s computer and known as Web browsers are used to access these Webpages. A website and pages on the web are collections of documents that are composed of all pages offering information or service to the visitor in text, visual and animation formats. A website functions as a visual presentation to the visitor by assuring access to and display of necessary files. Besides, websites offer display of items over a special IP address, although this is not used very often currently.
A website can be static or dynamic. A static website is a site that is monotone or seldom updated. The contents are not changed frequently. Generally, these are sites that will not have any changes over a long period of time. Contribution of visitors or members is next to nothing. The site is entirely organized by the person setting up the site. Visitors are able to view on their browsers any visual document that is in GIF, JPEG and PNG formats by using visual graphic editors such as Photoshop and Fireworks and using layouts. Static webpages offer information or visual presentation in the most recent format of configuration without any updates unless they are changed by the person setting up the pages. A dynamic website can be set up in a manner customized for each user or each visit. Each user around the world can have access to content different from other users when s/he logs in to a site with her/his username. This different content can be colors, theme, music of the websites and authority levels on the website etc. In today’s world of internet, dynamic sites are the popular sites. There are different languages used all around the world for creating this dynamism. These software languages which allow these pages to be dynamic and to be updated continuously by the producer or visitor are improved by means of innovations introduced by developers of producer and software languages. Although ASP.NET and ASP developed by Microsoft Company are accepted and used by a certain segment, another scripting and programming language known as PHP, and maybe the most commonly used, is also preferred frequently. Real time data flow languages such as JavaScript, jQuery, Flash and Silverlight, which assist these software languages used for dynamic contents on the pages and which even enable using all pages in a dynamic format, can also be used. A concept known as Web 2.0 emerged at the beginning of 2008. This concept refers to the new generation website. Although speed and coding do not change that much, these sites are set up with combinations such as color coordination, more sophisticated transitions, round corners and use of contrast colors together.
Security level of a website depends on files and codes uploaded to the servers where the site is registered and runs. However, there are a number of measures to be taken by the website owner for security. Several PHP applications might create files that are not common at the stage of installation. It is vital to monitor these files which are created on the server and seem to be suspicious. It is possible to eliminate the security vulnerabilities of a former CMS (content management system) by upgrading the web application in use to new versions. It is observed that hacker attacks targeting particularly WordPress and Joomla websites frequently take advantage of software that is used but not updated. Account passwords saved with the "remember me" option enabled can be stolen from the FTP client by using cookies. Thus, users should manually type in the passwords each time rather than activating this feature. The hosting password on cPanel and, if a site with an admin panel such as Joomla and WordPress is used, the admin panel password should be changed to a complicated password. The database user password should also be changed to a difficult password. As a matter of fact, a simple database password and username obtained can be first used to connect to the MySQL database and then to upload to the FTP directory by changing the admin panel password. Each database and web application uploaded to an account is a possible access point for hackers. It is possible to minimize the risk by removing software which has not been used for a long period of time and thus is outdated and causes a potential threat. Disabling the file upload option on the browser will be a significant security measure. One of the most significant security vulnerabilities in terms of internet site security is access to a website from an unsecure computer. Viruses, malware and keyloggers can cause a threat by secretly infecting the website files on the computer. The most practical method is to regularly scan any personal computer by using a reliable virus program.
In conclusion, the need for a website security system that eliminates disadvantages on the existing technology and insufficiency of the current solutions require improving the related technical area.
Object of the Invention
The current invention is about a system that meets the requirements mentioned above, eliminates all disadvantages and introduces some additional advantages as well as offering notifications and assuring website security.
Based on the state of art, the purpose of this invention is to notify the website admin in case of incidents such as attacks on the website and searching for site vulnerabilities and to allow the website admin to take necessary measures immediately thanks to the security system designed.
The purpose of the invention is to immediately inform the website admin about incidents causing a security risk since the security system designed can send short text messages in case of such incidents.
Another purpose of the invention is to assure more effective protection since the security system informs about the page under attack and the party attacking the page as well as notifying the risky situations.
Another purpose of the invention is to assure that the site admin has instant information about the site since the security system notifies about a number of incidents related to the website such as subscribers, payments etc. as well as notifying the risky situations.
Another purpose of the invention is to assure easy installation and use on all websites having different contents since the security system designed can be integrated on an existing website through API documentation.
Structural and characteristic features of the invention and all its advantages can be clearly understood from the detailed description given below and thus the assessment should be made by taking into consideration these detailed explanations.
Detailed Description of the Invention
This detailed description explains the subject matter of invention, which is the security system designed to enable website owners to assure site security and receive notifications, and this explanation is only provided as an example for clarifying the subject matter without restricting it in any way.
Today, almost all websites come up against attacks and site vulnerability searches. Failing to take immediate action on websites can lead to incidents such as theft and fraud. The security system mentioned herein is designed to prevent such incidents that put the site owners on the spot. The security system mentioned herein notifies the website admin with a short text message (SMS) in case of any attack on the website or any attempted attack on the website.
The short text message informs the admin about the page under attack, the security vulnerability used and the IP number of the person attacking the site thanks to the API and functions used by the security system. API (Application Programming Interface) is an interface offered by an application for the purpose of making its capabilities available to another application. IP address (Internet Protocol Address) is the address used by devices connected to the internet or to other packet switching networks using the TCP/IP protocol for exchanging data with each other over the network. Each computer connecting to the internet is assigned an IP address by the Internet Service Provider and other computers on the internet use this address to have access to this computer. Two different devices having an IP address can communicate with each other through the routers even if they are not on the network at the same time.
Another feature of the security system described herein is to give notifications about not only incidents risky in terms of security but also about other incidents related to the website. After integrating and starting to use the security system described herein, all actions on the user’s website are notified to the user via notifications. For example; new subscribers registering to e-commerce sites offering online shopping service, payments made by subscribers, orders received and all other actions on the site are notified to the user in short text message format. On the other hand, the user can customize the contents of notifications described herein and sent as short text message and select the incidents to be notified.
The first requirement for installation of the security system described herein is integration of the system to the user’s site. The integration process is done on the security system with API documentation. The security system mentioned herein can be easily integrated on panels in PHP language. PHP language is a server-sided and general purpose scripting and programming language that is designed for the internet as well as offering a wide range of use options and being embedded in HTML. Using in other languages requires transformation into the programming language to be used. The security system shall be operational after integration.
The security system mentioned herein has three notification systems: short text message, voice message and e-mail. These notifications are provided to the user simultaneously. The API system provided does not cause any security vulnerability but solely filters the data received and notifies about the harmful data. This enables eliminating the security risks that impact the user. The API designed for the Security Notification System is delivered to the user. This API can be integrated into the website directory or the entire software on the website or pages also connected to the website’s database. The data sent after installing the security system enters into the filter system developed and the filter system sorts out the data received. If the sorted data successfully passes through the filter system, the data is deleted on the API; if any pirated or malicious software is detected, detailed notifications are sent to the website admin simultaneously through three different channels: short text message, voice message and e-mail. There will be no connection to the user’s database while integrating the security system mentioned herein on the website and thus there will be no access to the information. Thus, persons using this software are not exposed to any risk.
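The filter-and-notify flow described above, as an added PHP example (not code from the patent or its applicant): request parameters are checked against a small constructed signature set, clean input is dropped without being stored, and a match produces one alert with the page, vulnerability class and client IP that is sent on all three channels. The function names, signatures, channel stubs and sample requests are assumptions.

```php
<?php
declare(strict_types=1);
// Constructed signature set (assumption: the patent does not say what its filter
// matches). The key is reported as the "vulnerability" in the alert.
const SIGNATURES = [
    'sql_injection'  => '~\bunion\b.{0,40}\bselect\b|\bor\b\s+\d+\s*=\s*\d+|;\s*drop\s+table\b~is',
    'xss'            => '~<\s*script\b|\bon(?:error|load|click|mouseover)\s*=|javascript\s*:~i',
    'path_traversal' => '~\.\.[/\\\\]~',
];

// Returns null for clean input (no copy is kept), otherwise an alert carrying
// the page, the vulnerability class and the client IP.
function inspectRequest(array $params, string $page, string $remoteAddr): ?array
{
    $fields = [];
    array_walk_recursive($params, function ($value, $key) use (&$fields) {
        if (is_string($value)) { $fields[] = [(string) $key, $value]; }
    });
    foreach ($fields as [$name, $value]) {
        // Check the raw value and its URL-decoded form, so %2e%2e%2f is caught too.
        foreach ([$value, rawurldecode($value)] as $candidate) {
            foreach (SIGNATURES as $class => $pattern) {
                if (preg_match($pattern, $candidate) === 1) {
                    return [
                        'page'          => $page,
                        'vulnerability' => $class,
                        'field'         => $name,
                        // Pass the socket peer address (REMOTE_ADDR);
                        // X-Forwarded-For is client-controlled.
                        'ip'            => filter_var($remoteAddr, FILTER_VALIDATE_IP) ?: 'unknown',
                    ];
                }
            }
        }
    }
    return null;
}

// Page and field names are attacker-influenced: keep a safe character set and
// cap the length. The matched payload itself is never put into the message.
function safe(string $s): string
{
    return substr((string) preg_replace('~[^A-Za-z0-9_./-]~', '?', $s), 0, 64);
}

function formatMessage(array $alert): string
{
    return sprintf('%s attempt on %s (field %s) from %s',
        $alert['vulnerability'], safe($alert['page']), safe($alert['field']), $alert['ip']);
}

// Send the same message on every channel; one failing channel must not stop the rest.
function notifyAll(array $alert, array $channels): array
{
    $delivered = [];
    foreach ($channels as $name => $send) {
        try {
            $send(formatMessage($alert));
            $delivered[$name] = true;
        } catch (Throwable $e) {
            $delivered[$name] = false;
        }
    }
    return $delivered;
}

// Hypothetical channel stubs: a deployment would call its SMS, voice and mail gateways.
$outbox = [];
$channels = [];
foreach (['sms', 'voice', 'email'] as $name) {
    $channels[$name] = function (string $msg) use (&$outbox, $name): void {
        $outbox[] = "$name: $msg";
    };
}

// Constructed sample requests: [page, peer address, parameters].
$requests = [
    ['/login.php',    '203.0.113.7',  ['user' => "admin' OR 1=1 -- ", 'pass' => 'x']],
    ['/search.php',   '198.51.100.4', ['q' => 'blue shoes']],
    ['/download.php', '203.0.113.9',  ['file' => '%2e%2e%2f%2e%2e%2fetc%2fpasswd']],
];
foreach ($requests as [$page, $ip, $params]) {
    if (($alert = inspectRequest($params, $page, $ip)) !== null) {
        notifyAll($alert, $channels);
    }
}
print_r($outbox);
```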
In a preferred application of the invention, the notifications sent by the security system are sent to the user as electronic mail rather than in short text message format. Users not preferring to use a mobile phone can monitor the notifications and list of actions on the website on a computer by logging onto their electronic mail account.
The protection scope of this application is specified on the claims section and the example provided above does not restrict the generality of those in any way. It is clear that a person specialized in this technique can execute the innovation explained herein by also using similar structures and / or apply this structure on other areas with similar purposes used in the technique. Thus, it is clear that such structures will lack the criteria of innovation and exceeding the limits of the state of art, particularly if we take into consideration existence of our application.
Claims
1. A security system designed to assure that website owners ensure security of their sites and receive notifications, characterized in that, it includes the following process steps:
- Integration with existing website through API documentation,
- Sending instant notifications to the user in case of risky situations such as attack on the website or search for security vulnerabilities on the site,
- Notification sent to the user for activities such as subscription and payment on the website.
2. A security system according to Claim 1 and it is characterized with offering process step of instantly notifying the user via short text message in case of risky incidents such as attack on site and search for security vulnerabilities.
3. A security system according to Claim 1 and it is characterized with offering process step of instantly notifying the user about the page under attack, security vulnerability searched and IP number of the attacker via the short text message mentioned above.
4. A security system according to Claim 1 and the security system described herein is characterized with its triple notification system; namely short text message, voice message and e-mail.
5. A security system according to Claim 1 and the security system described herein is characterized with a filter system designed to receive data after installation of the system and process step of sorting out data on the filter system after such data enters into the filter system.
6. A security system according to Claim 1 and it is characterized with the process step of deleting the sorted data on API after successfully passing through the filter system and notifying the website admin in detail and simultaneously using three different channels, namely short text message, voice message and e-mail if pirated or malicious software is detected.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/TR2019/050220 WO2020204847A1 (en) | 2019-04-04 | 2019-04-04 | A system for security of websites |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020204847A1 (en) | 2020-10-08 |
Family
ID=72667254
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/TR2019/050220 WO2020204847A1 (en) | 2019-04-04 | 2019-04-04 | A system for security of websites |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2020204847A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160127408A1 (en) * | 2014-10-31 | 2016-05-05 | NxLabs Limited | Determining vulnerability of a website to security threats |
CN107800670A (en) * | 2016-09-05 | 2018-03-13 | 百度在线网络技术(北京)有限公司 | Method and apparatus for early warning web portal security |
-
2019
- 2019-04-04 WO PCT/TR2019/050220 patent/WO2020204847A1/en active Application Filing
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19922559; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 19922559; Country of ref document: EP; Kind code of ref document: A1 |