Injection attack mitigation using context sensitive encoding of injected input
US9009821B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 8, 2011 |
| Grant date | Apr 14, 2015 |
| Priority date | — |
| Expiry date | Sep 23, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/02
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser (308), the method comprising: monitoring all incoming traffic (310), generated by the web browser, and outgoing traffic (326) generated by a server (318) to form monitored traffic; determining whether a unique element, defined in a configuration file, is matched with an input value of the monitored traffic to form a matched input value; responsive to a determination that the unique element is matched with an input value of the monitored traffic, saving the matched input value, determining whether an output contains the matched input value in an expected location; responsive to a determination that the output contains the matched input value in an expected location, encoding the matched input value using a respective definition from the configuration file; and returning the output (330) to the requester.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.