Client/server security by executing instructions and rendering client application instructions
US-2018077160-A1 · Mar 15, 2018 · US
Mitigating security vulnerabilities in web content
US10397265B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10397265-B2 |
| Application number | US-201816042891-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 23, 2018 |
| Priority date | Sep 30, 2014 |
| Publication date | Aug 27, 2019 |
| Grant date | Aug 27, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods and apparatus are described for automatically modifying web page source code to address a variety of security vulnerabilities such as, for example, vulnerabilities that are exploited by mixed content attacks.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer system comprising: one or more hardware processors; at least one memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to: receive source code corresponding to a web page requested by a client device from a server device; process the source code to identify one or more specified resources that are accessed by the source code; determine that a particular resource of the one or more specified resources is subject to a mixed content vulnerability, the mixed content vulnerability comprising the source code allowing use of an unsecure channel with respect to the particular resource; in response to determining that the particular resource is subject to the mixed content vulnerability, modify the source code to specify a security directive instructing a browser on the client device to enforce the security directive when the source code is executed on the client device; cause transmission of the modified source code to the client device. 2. The computer system of claim 1 , wherein the mixed content vulnerability that the particular resource is subject to involves the source code accessing the particular resource via the unsecure channel. 3. The computer system of claim 1 , wherein the mixed content vulnerability that the particular resource is subject to involves the source code loading a second web page in an invisible frame and sending user interactions to the invisible frame corresponding to the second web page. 4. The computer system of claim 1 , wherein the mixed content vulnerability that the particular resource is subject to involves vulnerability in how SSL is applied with respect to compression. 5. The computer system of claim 1 , wherein the security directive enforces use of a TCP connection. 6. The computer system of claim 1 , wherein the security directive requires that cookies be sent only over a secure channel. 7. The computer system of claim 1 , wherein the security directive requires use of HTTPS Strict Transport Security. 8. The computer system of claim 1 , wherein the security directive enforces a source list of origins for scripts and styles based on processing the source code. 9. The computer system of claim 1 , wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more processors to: maintain security data comprising a plurality of security vulnerabilities that includes the mixed content vulnerability and a plurality of security countermeasures corresponding to the plurality of security vulnerabilities; wherein determining that the particular resource is subject to the mixed content vulnerability includes checking the particular resource for the plurality of security vulnerabilities; wherein modifying the source code includes applying a security countermeasure of the plurality of security countermeasures corresponding to the mixed content vulnerability. 10. The computer system of claim 9 , wherein the one or more instructions, when executed by the one or more hardware processors, cause the one or more processors to: receive data describing a new security vulnerability and a new security countermeasure corresponding to the new security vulnerability; add the new security vulnerability to the plurality of security vulnerabilities; wherein one or more resources are checked for the new security vulnerability after the new security vulnerability is added to the plurality of security vulnerabilities. 11. A method, comprising: receiving source code corresponding to a web page requested by a client device from a server device; processing the source code to identify one or more specified resources that are accessed by the source code; determining that a particular resource of the one or more specified resources is subject to a mixed content vulnerability, the mixed content vulnerability comprising the source code allowing use of an unsecure channel with respect to the particular resource; in response to determining that the particular resource is subject to the mixed content vulnerability, modifying the source code to specify a security directive instructing a browser on the client device to enforce the security directive when the source code is executed on the client device; causing transmission of the modified source code to the client device; wherein the method is performed by one or more physical processors. 12. The method of claim 11 , wherein the mixed content vulnerability that the particular resource is subject to involves the source code accessing the particular resource via the unsecure channel. 13. The method of claim 11 , wherein the mixed content vulnerability that the particular resource is subject to involves the source code loading a second web page in an invisible frame and sending user interactions to the invisible frame corresponding to the second web page. 14. The method of claim 11 , wherein the mixed content vulnerability that the particular resource is subject to involves vulnerability in how SSL is applied with respect to compression. 15. The method of claim 11 , wherein the security directive enforces use of a TCP connection. 16. The method of claim 11 , wherein the security directive requires that cookies be sent only over a secure channel. 17. The method of claim 11 , wherein the security directive requires use of HTTPS Strict Transport Security. 18. The computer system of claim 11 , wherein the security directive enforces a source list of origins for scripts and styles based on processing the source code. 19. The method of claim 11 , further comprising: maintaining security data comprising a plurality of security vulnerabilities that includes the mixed content vulnerability and a plurality of security countermeasures corresponding to the plurality of security vulnerabilities; wherein determining that the particular resource is subject to the mixed content vulnerability includes checking the particular resource for the plurality of security vulnerabilities; wherein modifying the source code includes applying a security countermeasure of the plurality of security countermeasures corresponding to the mixed content vulnerability. 20. The method of claim 19 , further comprising: receiving data describing a new security vulnerability and a new security countermeasure corresponding to the new security vulnerability; adding the new security vulnerability to the plurality of security vulnerabilities; wherein one or more resources are checked for the new security vulnerability after the new security vulnerability is added to the plurality of security vulnerabilities.
Assignees
Inventors
Classifications
Test or assess software · CPC title
eliminating virus, restoring damaged files · CPC title
Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10397265B2 cover?
- Methods and apparatus are described for automatically modifying web page source code to address a variety of security vulnerabilities such as, for example, vulnerabilities that are exploited by mixed content attacks.
- Who is the assignee on this patent?
- Shape Security Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 27 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).