Securing web page content
US-2018048671-A1 · Feb 15, 2018 · US
US10033755B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10033755-B2 |
| Application number | US-201715791291-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 23, 2017 |
| Priority date | Sep 30, 2014 |
| Publication date | Jul 24, 2018 |
| Grant date | Jul 24, 2018 |
Official abstract text for this publication.
Methods and apparatus are described for automatically modifying web page source code to address a variety of security vulnerabilities such as, for example, vulnerabilities that are exploited by mixed content attacks.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a memory; and one or more physical processors coupled to the memory and configured to: receiving a source code that is requested by a client device; processing the source code to identify one or more security vulnerabilities including identification of an unsecure channel corresponding to a resource identified by the source code; wherein processing the source code includes identifying a first reference in the source code to the resource to retrieve the resource via the unsecure channel; determine whether one or more modifications to the source code would result in the resource being undeliverable to the client device; modifying, responsive to processing the source code, the source code thereby generating a modified code, to access the resource via a secure channel; wherein modifying the source code includes removing the first reference to the resource, adding a second reference to the resource specifying a security directive requiring use of the secure channel by a browser on the client device, and causing the resource to be hosted on a secure server or domain; transmitting the modified code to the client device.
2. The system of claim 1, wherein the source code was received from a server computer.
3. The system of claim 1, wherein the one or more physical processors are further configured to: receive one or more headers; and modify a header among the one or more headers based on the security directive.
4. The system of claim 1, wherein the one or more physical processors are further configured to determine that the client device supports communication via the secure channel.
5. The system of claim 1, wherein modifying the source code causes the modified code to include identify an executable script in the source code.
6. The system of claim 1, wherein modifying the source code causes the modified code to include an executable script.
7. The system of claim 1, wherein modifying the source code includes specifying an X-Frame options header, or inserting frame-breaking code in the modified code.
8. The system of claim 1, wherein the security directive is for use by the browser on the client device.
9. A method comprising: receiving a source code that is requested by a client device; processing the source code to identify one or more security vulnerabilities including identification of an unsecure channel corresponding to a resource identified by the source code; wherein processing the source code includes identifying a first reference in the source code to the resource to retrieve the resource via the unsecure channel; modifying, responsive to processing the source code, the source code thereby generating a modified code, to access the resource via a secure channel; determining whether one or more modifications to the source code would result in the resource being undeliverable to the client device; wherein modifying the source code includes removing the first reference to the resource, adding a second reference to the resource specifying a security directive requiring use of the secure channel by a browser on the client device, and causing the resource to be hosted on a secure server or domain; executing the modified code on the client device; wherein the method is performed by one or more physical processors.
10. The method of claim 9 further comprising requesting the resource via the secure channel.
11. The method of claim 9 further comprising sending a request, to a server computer, based on the security directive.
12. The method of claim 9 further comprising determining that the client device supports communication via the secure channel.
13. The method of claim 9, wherein modifying the source code causes the modified code to include identify an executable script in the source code.
14. The method of claim 9, wherein modifying the source code causes the modified code to include an executable script.
15. The method of claim 9 further comprising specifying an X-Frame options header, or inserting frame-breaking code in the modified code.
16. The method of claim 9, wherein the security directive is for use by the browser on the client device.
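
A sketch of the rewriting step the claims describe, added here for illustration and not taken from the patent: it finds subresource references that use `http://`, checks whether the host can deliver over HTTPS, rewrites or re-hosts the reference, and sets response headers. The host names, mirror URL, function name and the choice of the CSP `upgrade-insecure-requests` directive as the "security directive" are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the rewriting proxy has already confirmed serve over HTTPS.
HTTPS_CAPABLE = {"cdn.example.com"}
# Assumption: secure origin where resources that cannot be upgraded are re-hosted.
SECURE_MIRROR = "https://assets.example.net/mirror/"

# Subresource-loading tags only; <a href> is navigation, not mixed content.
# Handles double-quoted attributes; a production rewriter would use an HTML parser.
REF = re.compile(
    r'(<(?:script|img|iframe|link)\b[^>]*?\s(?:src|href)=")(http://[^"]+)(")', re.I)

def secure_page(html, headers):
    """Return (modified_html, modified_headers, [(old_ref, new_ref), ...])."""
    changes = []

    def fix(match):
        old = match.group(2)
        parts = urlsplit(old)
        if parts.hostname in HTTPS_CAPABLE:
            # Same resource, secure channel.
            new = "https://" + old[len("http://"):]
        else:
            # A plain scheme swap would leave the resource undeliverable,
            # so point at the secure mirror (query strings dropped for brevity).
            new = SECURE_MIRROR + parts.hostname + parts.path
        changes.append((old, new))
        return match.group(1) + new + match.group(3)

    modified = REF.sub(fix, html)
    out_headers = dict(headers)
    existing = out_headers.get("Content-Security-Policy")
    directive = "upgrade-insecure-requests"
    out_headers["Content-Security-Policy"] = (
        existing + "; " + directive if existing else directive)
    out_headers["X-Frame-Options"] = "SAMEORIGIN"  # clickjacking control, claims 7 and 15
    return modified, out_headers, changes

# Constructed sample page, not from the patent.
SAMPLE = ('<script src="http://cdn.example.com/a.js"></script>'
          '<img src="http://legacy.example.org/p.png">'
          '<a href="http://other.example/">x</a>')

if __name__ == "__main__":
    page, hdrs, log = secure_page(SAMPLE, {"Content-Type": "text/html"})
    print(page, hdrs, log, sep="\n")
```

The returned change list doubles as the work queue for the mirroring step: each mirrored URL must actually be populated before the modified page is sent.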
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
Test or assess software · CPC title
Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking · CPC title