首页> 外国专利> Systems and methods for protecting web based applications from cross site request forgery attacks

Systems and methods for protecting web based applications from cross site request forgery attacks

机译：用于保护基于Web的应用程序免受跨站点请求伪造攻击的系统和方法

页面导航

摘要
著录项
相似文献

摘要

Computer implemented methods (200) for protecting web based applications (110, 114) from Cross Site Request Forgery (CSRF) attacks. The methods involve (204) classifying each resource offered by a web server application as a CSRF-protected resource or a not-CSRF-protected resource. The methods also involve (214, . . . , 222) performing a user authentication, (224) initializing an authentication-token, and (226) initializing a CSRF protection secret that is used to validate CSRF protection parameters contained in resource identifiers for the resources. The methods further involve (228) performing a server-side rewriting process (300) to add the CSRF protection parameter to the resource identifiers for the resources and/or (230) performing a client-side rewriting process to add the CSRF protection parameter to a resource identifier for a second resource (e.g., a resource created at a client computer (102)).

机译：计算机保护的方法（ 200 ），用于保护基于Web的应用程序（ 110、114 ）免受跨站点请求伪造（CSRF）攻击。这些方法涉及（ 204 ）将Web服务器应用程序提供的每个资源分类为CSRF保护的资源或非CSRF保护的资源。这些方法还涉及（ 214，...，222 ）执行用户身份验证，（ 224 ）初始化身份验证令牌和（ 226 >）初始化CSRF保护密码，该密码用于验证资源的资源标识符中包含的CSRF保护参数。该方法还涉及（ 228 ）执行服务器端重写过程（ 300 ），以将CSRF保护参数添加到资源的资源标识符和/或（ 230 ）执行客户端重写过程，以将CSRF保护参数添加到第二资源（例如，在客户端计算机（ 102 ）创建的资源）的资源标识符中。 展开▼

著录项

公开/公告号US8020193B2

专利类型

公开/公告日2011-09-13

原文格式PDF

申请/专利权人 SUMEER K. BHOLA;TODD E. KAPLINGER;MICHAEL STEINER;
展开▼

申请/专利号US20080254494

发明设计人 MICHAEL STEINER;TODD E. KAPLINGER;SUMEER K. BHOLA;
展开▼

申请日2008-10-20

分类号G06F17/00;G06F7/04;G06F15/16;G06F17/30;H04L29/06;H04N7/16;

国家 US

入库时间 2022-08-21 18:10:14

相似文献

专利

外文文献

中文文献

1. 一种防止跨站请求伪造攻击的方法及系统 [P] . 中国专利： CN105100084B . 2018.03.30

2. 一种防止跨站请求伪造攻击的方法及系统 [P] . 中国专利： CN105100084A . 2015-11-25

3. SYSTEMS AND METHODS FOR PROTECTING WEB BASED APPLICATIONS FROM CROSS SITE REQUEST FORGERY ATTACKS [P] . 美国专利： US2010100927A1 . 2010-04-22

机译：用于从跨站点请求伪造攻击中保护基于Web的应用程序的系统和方法

4. Dynamic cross-site request forgery protection in a web-based client application [P] . 美国专利： US9191405B2 . 2015-11-17

机译：基于Web的客户端应用程序中的动态跨站点请求伪造保护

5. DYNAMIC CROSS-SITE REQUEST FORGERY PROTECTION IN A WEB-BASED CLIENT APPLICATION [P] . 美国专利： US2013198294A1 . 2013-08-01

机译：基于Web的客户端应用程序中的动态跨站点请求伪造保护

1. Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems [J] . A V Barabanov, A S Markov, V L Tsirlov Journal of Physics: Conference Series . 2018,第4期

2. Information Security Controls against Cross-Site Request Forgery Attacks on Software Applications of Automated Systems [J] . A V Barabanov, A S Markov, V L Tsirlov Journal of Physics: Conference Series . 2018,第4期

3. A Study On Cross-Site Request Forgery Attack And Its Prevention Measures [J] . Puneet Kour International Journal of Advanced Networking and Applications . 2020,第2期

4. An effective defense system against cross-site request forgery attacks [C] . Yang Min, Xu Hexin, Zhu Dingju, IEEE international conference on signal processing systems . 2011

5. Cross-site request forgery attacks against Linksys wireless routers. [D] . Poyar, Ryan Lewis. 2010

6. Toward Exposing Timing-Based Probing Attacks in Web Applications [O] . Jian Mao, Yue Chen, Futian Shi, 2017

7. Defeating cross-site request forgery attacks with browser-enforced authenticity protection [O] . Ziqing Mao, Ninghui Li, Ian Molloy 2014

1. A Fast Two-Stage Black-Box Deep Learning Network Attacking Method Based on Cross-Correlation [J] . Deyin Li ,Mingzhi Cheng ,Yu Yang . 计算机、材料和连续体(英文) . 2020,第7期

2. Web-Based Information Systems and Applications: A Survey [J] . XUBao-wen ,XULei ,MENGXiao-feng . 武汉大学自然科学学报：英文版 . 2004,第5期

3. Evaluation Method of Web Site Structure Based on Web Structure Mining [J] . Li June 1 Zhou Dongu 2 1. Computer CenterWuhan University Wuhan 430072 Hubei China ,2. School of ComputerWuhan University Wuhan 430072 HubeiChina . 武汉大学自然科学学报：英文版 . 2003,第03A期

4. An Application Expert System for Evaluating Effective Factors on Trust in B2C WebsitesTrust, Security, ANFIS, Fuzzy Logic, Rule Based Systems, Electronic Commerce [J] . Mehrbakhsh Nilashi ,Karamollah Bagherifard ,Othman Ibrahim . 工程（英文）（1947-3931） . 2011,第11期

5. Application of Risk-based Flexibility Assessment Methods to Evaluate System Expansion Plans [J] . Baorong Zhou ,Pei Zhang ,Jianbin Chen . 能源与动力工程（英文） . 2013,第4期

6. 基于客流的历史保护区轨道站点周边步行系统研究——以北京雍和宫站点为例 [C] . WU Fengwen ,武凤文 ,LIANG Wenfang . 2014（第九届）城市发展与规划大会 . 2014

7. 跨站点网上自主学习时间记录查询系统设计及思考 [A] . 赵明庆 . 2009