专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08495135B2 Preventing cross-site request forgery attacks on a server 有权
标题翻译：防止服务器上的跨站点请求伪造攻击
公开(公告)号：US08495135B2
公开(公告)日：2013-07-23
申请号：US12889300
申请日：2010-09-23
申请人： Yair Amit , Guy Podjarny , Adi Sharabani
发明人： Yair Amit , Guy Podjarny , Adi Sharabani
IPC分类号： G06F15/16
CPC分类号： G06F21/51 , G06F21/445 , G06F21/554 , G06F2221/2129 , G06Q20/382 , H04L63/08
摘要： Preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment comprises: embedding a nonce and a script in all responses from the server to the client, the script adapted for executing to add the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects might be embodied in the server or a proxy between the server and the client.
摘要翻译：防止跨站点请求在客户端 - 服务器环境中的服务器上的伪造（CSRF）安全攻击包括：将随机数和脚本嵌入到从服务器到客户端的所有响应中，该脚本适用于执行以向每个请求添加随机数从客户端到服务器; 将随机数和脚本的响应发送给客户端; 并验证来自客户端的每个请求都包括该随机数。该脚本优选地在服务器响应中修改包括动态生成的对象的所有对象，该服务器响应可以向服务器生成将请求添加到请求中的未来请求。服务器验证请求中的随机值，并且如果值与以前由服务器发送的值不同，则可选地确认与客户端的请求。服务器端方面可能会体现在服务器或服务器和客户端之间的代理服务器端。

2. 发明申请

US20120180128A1 Preventing Cross-Site Request Forgery Attacks on a Server 有权
标题翻译：防止跨站点请求服务器上的伪造攻击
公开(公告)号：US20120180128A1
公开(公告)日：2012-07-12
申请号：US13411608
申请日：2012-03-04
申请人： Yair Amit , Guy Podjarny , Adi Sharabani
发明人： Yair Amit , Guy Podjarny , Adi Sharabani
IPC分类号： G06F21/00
CPC分类号： G06F21/51 , G06F21/445 , G06F21/554 , G06F2221/2129 , G06Q20/382 , H04L63/08
摘要： Preventing Cross-Site Request Forgery security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value differs from the value previously sent. Server-side aspects might be embodied in the server or a proxy.
摘要翻译：防止跨站点请求在客户端 - 服务器环境中对服务器进行伪造安全攻击。在一个方面，这包括在从服务器到客户端的所有响应中嵌入随机数和脚本，其中当执行时，脚本将随机数添加到从客户端到服务器的每个请求; 将随机数和脚本的响应发送给客户端; 并验证来自客户端的每个请求都包括服务器发送给客户端的随机数。该脚本优选地在服务器响应中修改包括动态生成的对象的所有对象，该服务器响应可以向服务器生成将请求添加到请求中的未来请求。服务器验证请求中的随机值，并且如果值与先前发送的值不同，则可选地确认该请求与客户端。服务器端方面可能会体现在服务器或代理中。

3. 发明申请

US20110225234A1 Preventing Cross-Site Request Forgery Attacks on a Server 有权
标题翻译：防止跨站点请求服务器上的伪造攻击
公开(公告)号：US20110225234A1
公开(公告)日：2011-09-15
申请号：US12889300
申请日：2010-09-23
申请人： Yair Amit , Guy Podjarny , Adi Sharabani
发明人： Yair Amit , Guy Podjarny , Adi Sharabani
IPC分类号： G06F15/16
CPC分类号： G06F21/51 , G06F21/445 , G06F21/554 , G06F2221/2129 , G06Q20/382 , H04L63/08
摘要： Preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server from the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects might be embodied in the server or a proxy between the server and the client.
摘要翻译：防止在客户端 - 服务器环境中的服务器上的跨站点请求伪造（CSRF）安全攻击。在一个方面，这包括在从服务器到客户端的所有响应中嵌入随机数和脚本，其中当执行时，脚本将随机数添加到从客户端到服务器的每个请求; 将随机数和脚本的响应发送给客户端; 并且验证来自客户端的每个请求都包括服务器从服务器发送给客户端的随机数。该脚本优选地在服务器响应中修改包括动态生成的对象的所有对象，该服务器响应可以向服务器生成将请求添加到请求中的未来请求。服务器验证请求中的随机值，并且如果值与以前由服务器发送的值不相同，则可选地确认与客户端的请求。服务器端方面可能会体现在服务器或服务器和客户端之间的代理服务器端。

4. 发明授权

US08495137B2 Preventing cross-site request forgery attacks on a server 有权
标题翻译：防止服务器上的跨站点请求伪造攻击
公开(公告)号：US08495137B2
公开(公告)日：2013-07-23
申请号：US13411608
申请日：2012-03-04
申请人： Yair Amit , Guy Podjarny , Adi Sharabani
发明人： Yair Amit , Guy Podjarny , Adi Sharabani
IPC分类号： G06F15/16
CPC分类号： G06F21/51 , G06F21/445 , G06F21/554 , G06F2221/2129 , G06Q20/382 , H04L63/08
摘要： Preventing Cross-Site Request Forgery security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value differs from the value previously sent. Server-side aspects might be embodied in the server or a proxy.
摘要翻译：防止跨站点请求在客户端 - 服务器环境中对服务器进行伪造安全攻击。在一个方面，这包括在从服务器到客户端的所有响应中嵌入随机数和脚本，其中当执行时，脚本将随机数添加到从客户端到服务器的每个请求; 将随机数和脚本的响应发送给客户端; 并验证来自客户端的每个请求都包括服务器发送给客户端的随机数。该脚本优选地在服务器响应中修改包括动态生成的对象的所有对象，该服务器响应可以向服务器生成将请求添加到请求中的未来请求。服务器验证请求中的随机值，并且如果值与先前发送的值不同，则可选地确认该请求与客户端。服务器端方面可能会体现在服务器或代理中。

5. 发明授权

US08813237B2 Thwarting cross-site request forgery (CSRF) and clickjacking attacks 有权
标题翻译：阻止跨站点请求伪造（CSRF）和劫持攻击
公开(公告)号：US08813237B2
公开(公告)日：2014-08-19
申请号：US12825290
申请日：2010-06-28
申请人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
发明人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
IPC分类号： G06F21/00
CPC分类号： G06Q20/4016 , G06F21/31 , G06F21/64 , G06F2221/2119 , G06Q20/40 , H04L63/1466 , H04L63/1483 , H04L63/168
摘要： Embodiments of the invention generally relate to thwarting fraud perpetrated with a computer by receiving a request from a computer to perform a transaction. Embodiments of the invention may include receiving the request together with transaction data and a cookie, where the transaction data are separate from the cookie; determining in accordance with predefined validation criteria whether the cookie includes a valid representation of the transaction data; and performing the transaction only if the cookie includes a valid representation of the transaction data.
摘要翻译：本发明的实施例一般涉及通过接收来自计算机执行交易的请求来阻止通过计算机犯下的欺诈。本发明的实施例可以包括：将交易数据和cookie分开的交易数据和cookie接收; 根据预定义的验证标准来确定该cookie是否包括交易数据的有效表示; 并且只有在cookie包含交易数据的有效表示时才执行交易。

6. 发明授权

US08510842B2 Pinpointing security vulnerabilities in computer software applications 有权
标题翻译：确定计算机软件应用程序中的安全漏洞
公开(公告)号：US08510842B2
公开(公告)日：2013-08-13
申请号：US13085902
申请日：2011-04-13
申请人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
发明人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
IPC分类号： G06F12/14 , G06F11/30 , G06F9/44
CPC分类号： G06F21/52 , G06F21/55 , G06F2221/033
摘要： A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library.
摘要翻译：构建过程管理系统可以获取与当前由自动化软件构建系统执行的软件构建过程有关的数据。软件构建过程可以包括可执行过程步骤，元数据和/或环境参数值。可执行过程步骤可以利用构建工件，代表支持软件构建过程的电子文档。然后，获取的数据可以被合成为不可变的基线构建过程和相关联的基线工件库。基线工件库可以存储构建工件的副本。不可变的基线构建过程可以包括表示软件构建过程中指示的数据值和依赖性的基线对象。响应于用户指定的命令，可以在基线构建过程和相关联的基线工件库上执行操作。

7. 发明授权

US08370945B2 Identifying security breaches caused by web-enabled software applications 有权
标题翻译：识别由启用Web的软件应用程序引起的安全漏洞
公开(公告)号：US08370945B2
公开(公告)日：2013-02-05
申请号：US12469404
申请日：2009-05-20
申请人： Yair Amit , Roee Hay , Adi Sharabani
发明人： Yair Amit , Roee Hay , Adi Sharabani
IPC分类号： G06F21/00
CPC分类号： H04L63/14 , G06F21/53 , G06F2221/2119
摘要： Identifying a security breach caused when a computer-based software application uses a computer-based web browser application, including identifying at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to the software application, at least partially replacing the data with malicious content that is configured to cause a predefined action to occur when the malicious content is accessed by the web browser application, where the predefined action is associated with a known security breach when the predefined action occurs subsequent to the malicious content being accessed by the web browser application, causing the software application to perform the function, and determining whether the predefined action is performed.
摘要翻译：识别在基于计算机的软件应用程序使用基于计算机的Web浏览器应用程序时引起的安全漏洞，包括识别基于计算机的软件应用程序中的至少一个功能，导致基于计算机的Web浏览器应用程序访问源的数据，在软件应用程序的外部，至少部分地用恶意内容替换数据，该恶意内容被配置为当Web浏览器应用程序访问恶意内容时发生预定义的动作，其中预定义的动作与已知的安全漏洞相关联，预定义的动作在恶意内容被web浏览器应用程序访问之后发生，导致软件应用程序执行该功能，并确定是否执行了预定义的动作。

8. 发明申请

US20100299754A1 Identifying Security Breaches Caused by Web-Enabled Software Applications 有权
标题翻译：识别由Web启用的软件应用程序导致的安全漏洞
公开(公告)号：US20100299754A1
公开(公告)日：2010-11-25
申请号：US12469404
申请日：2009-05-20
申请人： Yair Amit , Roee Hay , Adi Sharabani
发明人： Yair Amit , Roee Hay , Adi Sharabani
IPC分类号： G06F21/00 , G06F12/14 , G06F3/048 , G06G7/62
CPC分类号： H04L63/14 , G06F21/53 , G06F2221/2119
摘要： Identifying a security breach caused when a computer-based software application uses a computer-based web browser application, including identifying at least one function within a computer-based software application that causes a computer-based web browser application to access data from a source that is external to the software application, at least partially replacing the data with malicious content that is configured to cause a predefined action to occur when the malicious content is accessed by the web browser application, where the predefined action is associated with a known security breach when the predefined action occurs subsequent to the malicious content being accessed by the web browser application, causing the software application to perform the function, and determining whether the predefined action is performed.
摘要翻译：识别在基于计算机的软件应用程序使用基于计算机的Web浏览器应用程序时引起的安全漏洞，包括识别基于计算机的软件应用程序中的至少一个功能，导致基于计算机的Web浏览器应用程序访问源的数据，在软件应用程序的外部，至少部分地用恶意内容替换数据，该恶意内容被配置为当Web浏览器应用程序访问恶意内容时发生预定义的动作，其中预定义的动作与已知的安全漏洞相关联，预定义的动作在恶意内容被web浏览器应用程序访问之后发生，导致软件应用程序执行该功能，并确定是否执行了预定义的动作。

9. 发明申请

US20120266248A1 PINPOINTING SECURITY VULNERABILITIES IN COMPUTER SOFTWARE APPLICATIONS 有权
标题翻译：在计算机软件应用程序中确定安全漏洞
公开(公告)号：US20120266248A1
公开(公告)日：2012-10-18
申请号：US13411083
申请日：2012-03-02
申请人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
发明人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
IPC分类号： G06F21/00
CPC分类号： G06F21/52 , G06F21/55 , G06F2221/033
摘要： A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library.
摘要翻译：构建过程管理系统可以获取与当前由自动化软件构建系统执行的软件构建过程有关的数据。软件构建过程可以包括可执行过程步骤，元数据和/或环境参数值。可执行过程步骤可以利用构建工件，代表支持软件构建过程的电子文档。然后，获取的数据可以被合成为不可变的基线构建过程和相关联的基线工件库。基线工件库可以存储构建工件的副本。不可变的基线构建过程可以包括表示软件构建过程中指示的数据值和依赖性的基线对象。响应于用户指定的命令，可以在基线构建过程和相关联的基线工件库上执行操作。

10. 发明授权

US08752182B2 Pinpointing security vulnerabilities in computer software applications 有权
标题翻译：确定计算机软件应用程序中的安全漏洞
公开(公告)号：US08752182B2
公开(公告)日：2014-06-10
申请号：US13411083
申请日：2012-03-02
申请人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
发明人： Yair Amit , Roee Hay , Roi Saltzman , Adi Sharabani
IPC分类号： G06F12/14 , G06F11/30 , G06F9/44
CPC分类号： G06F21/52 , G06F21/55 , G06F2221/033
摘要： A build process management system can acquire data pertaining to a software build process that is currently being executed by an automated software build system. The software build process can include executable process steps, metadata, and/or environmental parameter values. An executable process step can utilize a build artifact, representing an electronic document that supports the software build process. The acquired data can then be synthesized into an immutable baseline build process and associated baseline artifact library. The baseline artifact library can store copies of the build artifacts. The immutable baseline build process can include baseline objects that represent data values and dependencies indicated in the software build process. In response to a user-specified command, an operation can be performed upon the baseline build process and associated baseline artifact library.
摘要翻译：构建过程管理系统可以获取与当前由自动化软件构建系统执行的软件构建过程有关的数据。软件构建过程可以包括可执行过程步骤，元数据和/或环境参数值。可执行过程步骤可以利用构建工件，代表支持软件构建过程的电子文档。然后，获取的数据可以被合成为不可变的基线构建过程和相关联的基线工件库。基线工件库可以存储构建工件的副本。不可变的基线构建过程可以包括表示软件构建过程中指示的数据值和依赖性的基线对象。响应于用户指定的命令，可以在基线构建过程和相关联的基线工件库上执行操作。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式