公开(公告)号：CA2712542C

公开(公告)日：2012-09-11

申请号：CA2712542

申请日：2010-08-25

Applicant: IBM CANADA

Inventor： ONUT IOSIF VIOREL ,  PODJARNY GUY ,  CONBOY CRAIG RONALD EARL ,  ALY HOSAM

IPC: H04L12/26 ,  G06F21/00

Abstract: An illustrative embodiment of a computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

公开(公告)号：CA2694326A1

公开(公告)日：2010-05-18

申请号：CA2694326

申请日：2010-03-10

Applicant: IBM CANADA

Inventor： PODJARNY GUY ,  AMIT YAIR ,  SHARABANI ADI

IPC: H04L9/32 ,  G06F21/00 ,  G06Q20/40

Abstract: A method and system for preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment. The method includes embedding a nonce and a script to all responses from the server to the client wherein when executed the script will add the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each said request from the client includes the nonce sent by the server from the server to the client. The script modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects of the invention might be embodied in the server or a proxy between the server and the client.

公开(公告)号：CA2712542A1

公开(公告)日：2010-11-09

申请号：CA2712542

申请日：2010-08-25

Applicant: IBM CANADA

Inventor： ONUT IOSIF VIOREL ,  PODJARNY GUY ,  CONBOY CRAIG RONALD EARL ,  ALY HOSAM

IPC: H04L12/26 ,  G06F21/00

Abstract: An illustrative embodiment of a computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

公开(公告)号：CA2704863A1

公开(公告)日：2010-08-16

申请号：CA2704863

申请日：2010-06-10

Applicant: IBM CANADA

Inventor： PODJARNY GUY ,  SHARABANI ADI

IPC: H04L12/26 ,  H04L29/06

Abstract: A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser (308), the method comprising: monitoring all incoming traffic (310), generated by the web browser, and outgoing traffic (326) generated by a server (318) to form monitored traffic; determining whether a unique element, defined in a configuration file, is matched with an input value of the monitored traffic to form a matched input value; responsive to a determination that the unique element is matched with an input value of the monitored traffic, saving the matched input value, determining whether an output contains the matched input value in an expected location; responsive to a determination that the output contains the matched input value in an expected location, encoding the matched input value using a respective definition from the configuration file; and returning the output (330) to the requester.

公开(公告)号：CA2680609A1

公开(公告)日：2009-12-23

申请号：CA2680609

申请日：2009-10-19

Applicant: IBM CANADA

Inventor： IONESCU PAUL ,  SHARABANI ADI ,  MIRMOVITCH GIL ,  SAKIN ARIEL ,  SEGAL ORI ,  PODJARNY GUY

IPC: G06F11/30 ,  G06F21/00 ,  H04L9/32

Abstract: A method of configuring a login session is provided. The method includes performing on a processor, obtaining login sequence data; selectively removing pages from the login sequence data; selectively tracking at least one of parameters and cookies of the log in sequence data; and modifying a login configuration used in a login session based on the modifie d login sequence data.