79 results about "Application firewall" patented technology

Methods and systems provided herein include a cyber intelligence system, a unified application firewall, and a cloud security fabric that has enterprise APIs for connecting to the information technology infrastructure of an enterprise, developer APIs 102 for enabling developers to access capabilities of the fabric and connector APIs by which the fabric may discover information about entities relevant to the information security of the enterprise (such as events involving users, applications, and data of the enterprise occurring on a plurality of cloud-enabled platforms, including PaaS/IaaS platforms), with various modules that comprise services deployed in the cloud security fabric, such as a selective encryption module, a policy creation and automation module, a content classification as a service module, and user and entity behavior analytics modules.

A method for protecting a Web application running on a first local Web Server bases from hacker attacks, said Web Server being connectable to at least one client, the method comprising the following steps: —providing a plurality of preset rules on said Server, which correspond to specific characteristics of HTTP requests; —receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics; —analyzing said characteristics of said received HTTP request in accordance with said rules provided on said server; —rejecting said HTTP request, if said rules identify said HTTP request as harmful request; —accepting said HTTP request, if said rules identify said HTTP request as trustable request; —classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful request nor as trustable request; —evaluating the characteristics of said doubtful local request; —generating a learned rule on basis of the edge base evaluation.

Method and system for dynamically checking an access control list during the data transfers between a client web browser and a web server. The method and system allow checking of access control list by an application firewall, independent from the web application. The rules, upon which the checking is based, can be easily updated without affecting the web application.

User inputs and/or Uniform Resource Identifier (URI), historically and popularly referred to as Universal Resource Locator (URL), requests in a content description language are passed through a security service (Web application firewall or a reverse Web proxy server) that is placed in front of Web application servers in order to protect the servers from hacking attempts. For validating Webform user inputs and/or URI requests and parameters the content description language is enriched by the security service with additional security tokens that are dynamically created based on the content being transferred. The user receives the information and returns input with the security tokens. The security service can then verify all provided user input data against the constraints described in the corresponding security token. As a result, the method may block the HTTP request or create log messages or notification events in reaction to violations of the user input data compared to the constraints in the security token.

The invention discloses a next-generation application firewall system and a defense method. The defense method can comprise the following steps of: acquiring a data package in a data stream; carrying out analyzing and verifying on the data in the data package; and collecting and analyzing verified results, and carrying out processing according to a corresponding preset strategy. According to the next-generation application firewall system and the defense method, the shortages of traditional safety devices are holistically solved, and meanwhile, the performances of the devices can not degrade after all functions are started.

The invention relates to a virtual computing platform for providing subscribers of the virtual computing platform with means for running their applications on the platform instead of running the applications on their mobile devices. The virtual computing platform is adapted to route internal communication directed from a first application of the platform to a second application of the platform via a set of external security appliances. The set may include a firewall, a security gateway, an application layer firewall, a web shield, an anti-virus device and an anti-spam device.

A computer implemented method, information processing system, and computer program product manage web application firewall rule configuration. A web application is analyzed. A set of data elements within the web application is identified. Each data element in the set of data elements stores information that is sent from a web client to a web server. Each data element in the set of data elements is analyzed. A data type is associated with each data element in the set of data element. The data type describes a type of data stored by the data element. A web application firewall rule recommendation is automatically generated for each data element based at least on the data type associated therewith.

The present invention is directed towards systems and methods for efficiently an intermediary device processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user session. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page.

The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request the first core. The second application firewall module receives and processes the security check results and instructions from the first core.

The invention provides a firewall security policy configuration method and a management unit. The method comprises the following steps of: obtaining attack prevention configuration information which includes maximum message rate, message size or an on-and-off parameter and is sent from the firewall; obtaining first filter rule information which includes an IP address, a port number, a network protocol and action attribute and is sent from the firewall; generating a policy package including security policy configuration information according to the attack prevention configuration information and the first filter rule information; and sending the security policy configuration information to the association firewall according to association firewall information corresponding to the security policy configuration information in the policy package. In the embodiment of the invention, the security policy of a single firewall is reversely reduced to the policy package, thus providing convenience for a user to conduct security policy configuration on the firewall.

The invention discloses a web application firewall and a web application safety protection method. The web application firewall comprises a center firewall node and a plurality of auxiliary firewall nodes, wherein the center firewall node receives a request sent by a network user to a protection target website and transmits the request to one of the plurality of the auxiliary firewall nodes according to a certain rule, and the auxiliary firewall nodes conduct safety detection to the received request to prevent or allow the visitation of the request to the protection target website. The web application safety protection method comprises that the center firewall node receives the request sent by the network user to the protection target website and transmits the request to one of the plurality of the auxiliary firewall nodes according to the certain rule, and the auxiliary firewall nodes conduct safety detection to the received request to prevent or allow the visitation of the request to the protection target website. According to the technical scheme, the problem of service interrupt caused by single node error can be prevented.

A security inspection system verifying a security system of electronic equipment may include an inspector having: a communicator connecting wireless diagnostic communication with the electronic equipment entering a process line; a KMS inspection portion inspecting a management state of generation and destruction of encryption key of a key management system device included in the electronic equipment; an application firewall inspection portion inspecting security policy of an application firewall disposed in a gateway of the electronic equipment; a version inspection portion updating at least one of a patch program and a firmware of the security system included in the electronic equipment; a database storing a program and data for a security inspection of the electronic equipment; and a controller performing diagnostic test of a firewall installation state, an encryption key management state, a transmission/reception state of an encrypted message, or blocking of abnormal data of the security system.

A system and methods for protecting a serverless application, the system including: (a) a serverless application firewall configured to inspect input of the serverless function so as to ascertain whether the input contains malicious, suspicious or abnormal data; and (b) a behavioral protection engine configured to monitor behaviors and actions of the serverless functions during execution thereof.

Content management systems, methods, and media using an application level firewall are provided. In accordance with some embodiments of the disclosed subject matter, the system for managing advertisement adjacencies comprises: a firewall component in an application layer comprising a processor and a memory, wherein the firewall component is configured to operate in an advertisement call stack of the application layer and wherein the processor is programmed to: receive an advertisement call for publishing an advertisement in an advertisement server on a web page, wherein a verification tag is inserted in the advertisement call that redirects the advertisement call to the firewall component prior to transmission to the advertisement server; determine whether the web page associated with the advertisement call contains objectionable content; and, in response to determining that the web page does not contain objectionable content, transmit the advertisement call to the advertisement server for publishing the advertisement on the web page.

The invention discloses a network application firewall system and its realization method. The system includes: a client subsystem, which runs on an Internet portal server, and is used to receive user requests from the external network, and compare user request characteristics with locally stored black and white List comparison: when the user is in the whitelist, skip the follow-up logic directly and forward the user request to the backend application server; when the user is in the blacklist, interrupt the user request; the service subsystem is used to realize real-time data Analysis and storage: By sending data to the client subsystem, real-time statistical analysis is performed according to the predefined analysis logic, and the analysis results are stored; when the analysis results reach the preset threshold, the blacklist logic is automatically triggered. By adopting the present invention, complex client logic can be realized and customizability can be improved, so that it is suitable for network video and live broadcast services.

The invention provides a Web application security protection method and a WAF system. The WAF system comprises a Web server and an nginx server. The method comprises the following steps of building the Web server by adopting a python tornado framework; detecting whether the access request transmitted by the nginx server is an abnormal request or not by utilizing the Web server to obtain a detection result; using the Web server to send a detection result to the lua script in the nginx server; reading a detection result of the input lua script by using the nginx server to determine whether the access request is an abnormal request or not; if the access request is an abnormal request, intercepting the access request by using a lua script; and otherwise, forwarding the access request to the corresponding service line source station by using the nginx server. According to the WAF system, when Web application security protection is realized, excessive server resources are not occupied, and the occupancy rate of the WAF system on the server resources is reduced.

The invention discloses a processing method and system of a denial of service attack, a Web application firewall (WAF), and a router, is mainly applied to a CC attack process, and relates to the technical field of Internet, mainly for the purpose of solving the problem of threatening security of a target website when the target website is attacked in a time interval of cloud protection performed by a cloud server in the prior art. The method provided by the technical scheme comprises the following steps: a WAF obtaining access information of the target website; performing superposing processing on the access information and performing real-time monitoring on the superposed access information; and if it is monitored that the superposed access information exceeds a preset access threshold, performing interception processing on the access information.

The invention provides a warning association method and device. The problems that the real attack intention of an attacker cannot be easily discovered since the existing network attack frequently combines multiple tools and methods to implement multistep attack in a certain time and space span, but the WAF warning only aims at the single attack behavior is solved. The method comprises the following steps: obtaining attack behavior information according to a WAF warning log of an application firewall; acquiring attack mode information of the attacker according to the attack behavior information, wherein the attack mode information comprises attack type information corresponding to each attack behavior in an attack process of the attacker; associating the different attackers according to the similarity between the attack mode information of different attackers. By use of the warning association method provided by the invention, multiple disperse fine-grained attack behaviors in a logic relation are combined as a coarse-grained attack process, thereby providing basis and convenience for eliminating redundant warning, reappearing an attack scene, analyzing the attack intention of the attacker and other related works.