Method and system for preventing cross-site attack

A user and website technology, applied in transmission systems, digital transmission systems, instruments, etc., that addresses problems such as attacks on session integrity and imperfect existing solutions.

Active Publication Date: 2008-10-29
SAP AG

AI Technical Summary

Problems solved by technology

While traditional client-side and server-side techniques exist to protect against cross-site attacks, these solutions are often imperfect.
For example, some of these typical schemes only target session theft attacks, which attack the integrity of the session.


Abstract

Efficient cross-site attack prevention, in which web pages are stored on a site, the web pages being organized into entry pages that do not accept input, and protected pages that are not entry pages. A request is received from a user application to receive a requested web page, the request including a referrer string indicative of a referring web page, and identification data. It is determined whether the requested web page is an entry page or a protected page, and it is further determined, if the requested web page is determined to be a protected page, if the user application is authorized based upon the identification data, and if the referring web page is stored on the site based upon the referrer string. The requested web page is transmitted to the user application if the user application is determined to be authorized and if the referring web page is determined to be stored on the site, and the request is redirected to an entry page if the user application is determined to be not authorized or if the referring web page is determined to be not stored on the site.
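The decision procedure in the abstract, written out as a request filter. This is an added example, not code from the patent or from SAP; the site origin, page paths, session store and the handle() and referrer_on_site() names are constructed for illustration, and discarding parameters on entry pages is an assumed reading of "do not accept input".

```python
from urllib.parse import urlsplit

# Constructed sample site: all names and values below are illustrative.
SITE_ORIGIN = ("https", "shop.example")
ENTRY_PAGES = {"/", "/login"}               # entry pages: accept no input
PROTECTED_PAGES = {"/account", "/transfer"}  # everything that is not an entry page
SESSIONS = {"s3ss10n-constructed"}           # stand-in for the identification data check
DEFAULT_ENTRY = "/"


def referrer_on_site(referrer):
    """True only if the referrer string names a page stored on this site."""
    if not referrer:
        return False  # a missing referrer cannot prove an on-site origin
    try:
        parts = urlsplit(referrer)
        origin = (parts.scheme, parts.hostname)
    except ValueError:
        return False  # malformed referrer string
    # Compare the parsed scheme and host exactly; a substring match would
    # accept hosts such as shop.example.evil.test.
    return origin == SITE_ORIGIN and parts.path in ENTRY_PAGES | PROTECTED_PAGES


def handle(path, referrer=None, session_id=None, params=None):
    """Return (action, page, params_passed_to_page) for one request."""
    if path in ENTRY_PAGES:
        # Assumed reading of "do not accept input": any parameters are dropped.
        return ("serve", path, {})
    if path not in PROTECTED_PAGES:
        return ("redirect", DEFAULT_ENTRY, {})  # unknown page: send to an entry page
    authorized = session_id in SESSIONS
    if authorized and referrer_on_site(referrer):
        return ("serve", path, dict(params or {}))
    # Not authorized, or the referring page is not stored on the site.
    return ("redirect", DEFAULT_ENTRY, {})


if __name__ == "__main__":
    sid = "s3ss10n-constructed"
    print(handle("/transfer", "https://shop.example/account", sid, {"to": "bob"}))
    print(handle("/transfer", "https://evil.test/page", sid, {"to": "mallory"}))
    print(handle("/login", "https://evil.test/page", None, {"q": "input"}))
```

A valid session alone is not enough for a protected page: a request that arrives with the user's session but a foreign or absent referrer is redirected to an entry page, where its parameters are discarded.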

Description

Method and system for preventing cross-site attacks

Technical field

The present invention relates generally to protection against cross-site attacks, and at least one particular embodiment relates to protection against cross-site scripting and cross-site request forgery attacks.

Background technique

While web applications operate in virtual environments, some of them, including online auctions or banking applications, involve real-world currency transactions. Both web users and websites have a vested interest in securing these currency transactions, which provide an attractive target for hackers to manipulate. Malicious exploits of key weaknesses in these security-critical web applications are continually being developed, with cross-site scripting and cross-site request forgery attacks particularly favored by hackers. The vanguard of these attacks are malicious links, infected with scripts or forged input, which are presented to legitimate users via electronic commun...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/36, H04L29/06
CPC: H04L63/10, G06F21/6218, G06F2221/2119, H04L63/1441, H04L63/168
Inventor: 弗洛里安·克施鲍姆
Owner: SAP AG