Abstract:
PROBLEM TO BE SOLVED: To provide a computer-implemented method, a data processing system, and a computer-usable recordable-type medium with computer-usable program code for monitoring a black box web application security scan. SOLUTION: The black box scan of a web application is started. The black box scan sends a test to a plurality of web application inputs of the web application. Runtime analysis is performed on the black box scan of the web application. Based on the runtime analysis of the black box scan, the black box scan is corrected. COPYRIGHT: (C)2010,JPO&INPIT
Abstract:
An illustrative embodiment of a computer-implemented process for two-tier deep analysis of hypertext transport protocol data monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and, responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and, responsive to a determination that the stored Web traffic is a case of misuse, feeds back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.
Abstract:
A method and system for preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment. The method includes embedding a nonce and a script to all responses from the server to the client wherein when executed the script will add the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each said request from the client includes the nonce sent by the server from the server to the client. The script modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects of the invention might be embodied in the server or a proxy between the server and the client.
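As an added illustration of the nonce-and-script mechanism in this abstract (example code, not the patent's own), the Python sketch below plays the server side: it embeds a per-session nonce and a small script into an HTML response, and later verifies that a request carries that nonce as a header or form field. The injected script, the header name X-CSRF-Nonce and the field name csrf_nonce are assumptions; the script hooks form submission, XMLHttpRequest and fetch so that objects created after page load also carry the nonce. Where the abstract confirms a mismatched request with the client, this example simply reports the mismatch to the caller.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs

def nonce_script(nonce: str) -> str:
    """Assumed client-side script: adds the nonce to every form submission,
    XMLHttpRequest and fetch(), including objects created after page load,
    by hooking the primitives all such requests pass through.
    (The fetch hook assumes init.headers is a plain object.)"""
    return (
        "<script>(function(n){"
        "document.addEventListener('submit',function(e){"
        "var i=document.createElement('input');i.type='hidden';"
        "i.name='csrf_nonce';i.value=n;e.target.appendChild(i);},true);"
        "var o=XMLHttpRequest.prototype.open;"
        "XMLHttpRequest.prototype.open=function(){o.apply(this,arguments);"
        "this.setRequestHeader('X-CSRF-Nonce',n);};"
        "var f=window.fetch;window.fetch=function(u,i){i=i||{};"
        "i.headers=Object.assign({},i.headers,{'X-CSRF-Nonce':n});"
        "return f(u,i);};"
        "})(" + json.dumps(nonce) + ");</script>"
    )

def issue_nonce() -> str:
    """Server side: a fresh unguessable nonce, stored against the session."""
    return secrets.token_hex(16)

def embed_nonce(html_response: str, nonce: str) -> str:
    """Server side: add the nonce-carrying script to an HTML response."""
    script = nonce_script(nonce)
    if "</body>" in html_response:
        return html_response.replace("</body>", script + "</body>", 1)
    return html_response + script

def verify_request(expected: str, headers: dict, body: str = "") -> bool:
    """Server side: True only if the request carries the nonce previously
    sent to this client, as the X-CSRF-Nonce header or the csrf_nonce field."""
    got = headers.get("X-CSRF-Nonce")
    if got is None:
        got = parse_qs(body).get("csrf_nonce", [None])[0]
    return got is not None and hmac.compare_digest(got.encode(), expected.encode())
```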
Abstract:
A method for preventing malicious code from being embedded within a scripting language of a web application accessed by a web browser (308), the method comprising: monitoring all incoming traffic (310) generated by the web browser and outgoing traffic (326) generated by a server (318) to form monitored traffic; determining whether a unique element defined in a configuration file matches an input value of the monitored traffic to form a matched input value; in response to a determination that the unique element matches an input value of the monitored traffic, saving the matched input value, wherein it is determined whether an output contains the matched input value at an expected location; in response to a determination that the output contains the matched input value at an expected location, encoding the matched input value using a respective definition from the configuration file; and returning the output (330) to the requester.
Abstract:
A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser (308), the method comprising: monitoring all incoming traffic (310), generated by the web browser, and outgoing traffic (326) generated by a server (318) to form monitored traffic; determining whether a unique element, defined in a configuration file, is matched with an input value of the monitored traffic to form a matched input value; responsive to a determination that the unique element is matched with an input value of the monitored traffic, saving the matched input value, determining whether an output contains the matched input value in an expected location; responsive to a determination that the output contains the matched input value in an expected location, encoding the matched input value using a respective definition from the configuration file; and returning the output (330) to the requester.
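As an added illustration of the configuration-driven matching and encoding described above (example code, not the patent's own), in Python: the configuration format, the location names and the encoders are assumptions. Values of configured request parameters are saved from incoming traffic; on the outgoing response, a saved value found at its expected location is replaced by its encoded form before the output is returned.

```python
import html
import json
from urllib.parse import parse_qs

# Assumed configuration format (constructed, not the patent's): the unique
# element is a request parameter name; the entry says where its value is
# expected to appear in the output and which encoding to apply there.
CONFIG = {
    "comment": {"location": "html_text", "encoding": "html"},
    "name": {"location": "js_string", "encoding": "js"},
}

ENCODERS = {
    "html": lambda v: html.escape(v, quote=True),
    "js": lambda v: json.dumps(v)[1:-1],  # escaped for a JS string literal
}

def capture_inputs(query_string: str) -> dict:
    """Incoming traffic: save the values of parameters named in CONFIG."""
    params = parse_qs(query_string, keep_blank_values=True)
    return {k: v[0] for k, v in params.items() if k in CONFIG and v}

def in_expected_location(output: str, value: str, location: str) -> bool:
    """Does the output contain the value where the configuration expects it?"""
    idx = output.find(value)
    if idx < 0:
        return False
    before = output[:idx]
    if location == "html_text":
        # as text between tags: the last '<' before it is already closed (or absent)
        return before.rfind("<") <= before.rfind(">")
    if location == "js_string":
        # inside an open double-quoted string of the current <script> block
        start = before.rfind("<script")
        return start > before.rfind("</script") and before[start:].count('"') % 2 == 1
    raise ValueError("unknown location " + location)

def encode_output(output: str, saved: dict) -> str:
    """Outgoing traffic: encode each saved input found at its expected
    location, using the encoding named in its configuration entry."""
    for name, value in saved.items():
        rule = CONFIG[name]
        if value and in_expected_location(output, value, rule["location"]):
            output = output.replace(value, ENCODERS[rule["encoding"]](value))
    return output
```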
Abstract:
A system and method for static detection and categorization of information-flow downgraders includes transforming (502) a program stored in a memory unit by statically analyzing program variables to achieve a single assignment to each variable in an instruction set. The instruction set is translated (504) into production rules with string operations. A context-free grammar is generated (508) from the production rules to recognize a finite set of strings. An information-flow downgrader function is identified (510) by comparing the finite set of strings against one or more function specifications.
Abstract:
A system and method for static detection and categorization of information-flow downgraders includes transforming (502) a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated (504) to production rules with string operations. A context-free grammar is generated (508) from the production rules to identify a finite set of strings. An information-flow downgrader function is identified (510) by checking the finite set of strings against one or more function specifications.