Privacy management systems and methods
US-11403377-B2 · Aug 2, 2022 · US
US12212595B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12212595-B2 |
| Application number | US-202117505976-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 20, 2021 |
| Priority date | Oct 17, 2017 |
| Publication date | Jan 28, 2025 |
| Grant date | Jan 28, 2025 |
Official abstract text for this publication.
A method and system for protecting an application from unsecure network exposure. The method includes identifying an at-risk application, wherein identifying the at-risk application further comprises determining that the application is configured incorrectly; identifying at least one port through which the at-risk application is accessible when the at-risk application is determined to be configured incorrectly; and determining, based on the identified at least one port through which the at-risk application is accessible, whether an exposure vulnerability exists, wherein the exposure vulnerability is an unapproved exposure of at least one of the at least one port to external resources.
Opening claim text (preview).
What is claimed is:
1. A method for protecting an application from unsecure network exposure, comprising: identifying an at-risk application, wherein identifying the at-risk application comprises determining that the application is configured incorrectly; based on determining that the application is configured incorrectly, identifying at least one or more ports through which the at-risk application is accessible; sending, to a test external resource, connection data for connecting to the at-risk application via the one or more ports, wherein the test external resource, attempts to connect to the at-risk application based on the connection data; and returns results of the attempt to connect to the at-risk application; and determining, based on the results of the attempt to connect to the at-risk application, whether an exposure vulnerability exists, wherein the exposure vulnerability comprises an unapproved exposure of at least one of the one or more ports to external resources.
2. The method of claim 1, further comprising: performing at least one mitigation action when an exposure vulnerability exists.
3. The method of claim 1, wherein the test external resource attempting to connect to the at-risk application comprises the test external resource attempting to connect to the at-risk application in an insecure manner.
4. The method of claim 1, wherein identifying the at-risk application comprises identifying the at-risk application using a static configuration test.
5. The method of claim 1, wherein identifying the one or more ports comprises identifying the one or more ports with dynamic testing at runtime of the at-risk application.
6. The method of claim 1, wherein the at-risk application is deployed in a host device, wherein the test external resource is not included in the host device.
7. The method of claim 6, wherein identifying the one or more ports further comprises: probing a plurality of ports of a host device, wherein the plurality of ports includes the one or more ports through which the application is accessible.
8. The method of claim 1, further comprising: based on the test external resource successfully connecting to the at-risk application, determining that an exposure vulnerability exists.
9. A non-transitory computer readable medium having program code stored thereon, the program code comprising instructions to protect an application from unsecure network exposure, wherein the instructions to protect the application from unsecure network exposure comprise instructions to: identify an at-risk application, wherein the instructions to identify the at-risk application comprise instructions to determine that the application is configured incorrectly; based on determining that the application is configured incorrectly, identify one or more ports through which the at-risk application is accessible; send, to a test external resource, connection data for connecting to the at-risk application via the one or more ports, wherein the test external resource, attempts to connect to the at-risk application based on the connection data; and returns results of the attempt to connect to the at-risk application; and determine, based on the results of the attempt to connect to the at-risk application, whether an exposure vulnerability exists, wherein the exposure vulnerability comprises an unapproved exposure of at least one of the one or more ports to external resources.
10. A system for protecting an application from unsecure network exposure, comprising: a processing circuitry; and a computer readable medium having instructions stored thereon that are executable by the processing circuitry to cause the system to: identify an at-risk application, wherein the instructions to identify the at-risk application comprise instructions executable by the processing circuitry to cause the system to determine that the application is configured incorrectly; based on determining that the application is configured incorrectly, identify one or more ports through which the at-risk application is accessible; send, to a test external resource, connection data for connecting to the at-risk application via the one or more ports, wherein the test external resource, attempts to connect to the at-risk application based on the connection data; and returns results of the attempt to connect to the at-risk application; and determine, based on the results of the attempt to connect to the at-risk application, whether an exposure vulnerability exists, wherein the exposure vulnerability comprises an unapproved exposure of at least one of the one or more ports to external resources.
11. The system of claim 10, wherein the computer readable medium further has stored thereon instructions executable by the processing circuitry to cause the system to: perform at least one mitigation action when an exposure vulnerability exists.
12. The system of claim 10, wherein the test external resource attempting to connect to the at-risk application comprises the test external resource attempting to connect to the at-risk application in an insecure manner.
13. The system of claim 10, wherein the instructions to identify the at-risk application comprise instructions executable by the processing circuitry to cause the system to identify the at-risk application using a static configuration test.
14. The system of claim 10, wherein the instructions to identify the one or more ports comprise instructions executable by the processing circuitry to cause the system to identify the one or more ports using dynamic testing at runtime of the at-risk application.
15. The system of claim 10, wherein the at-risk application is deployed in a host device, wherein the test external resource is not included in the host device.
16. The system of claim 15, wherein the computer readable medium further has stored thereon instructions executable by the processing circuitry to cause the system to: probe a plurality of ports of a host device, wherein the plurality of ports includes the one or more ports through which the application is accessible.
17. The system of claim 10, wherein the computer readable medium further has stored thereon instructions executable by the processing circuitry to cause the system to: determine that an exposure vulnerability exists when the test external resource successfully connects to the application.
18. The non-transitory computer readable medium of claim 9, wherein the program code further comprises instructions to: perform at least one mitigation action when an exposure vulnerability exists.
19. The non-transitory computer readable medium of claim 9, wherein the instructions to identify the at-risk application comprise instructions to identify the at-risk application using a static configuration test.
20. The non-transitory computer readable medium of claim 9, wherein the instructions to identify the one or more ports comprise instructions to identify the one or more ports with dynamic testing at runtime of the at-risk application.
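The flow recited in claim 1, as an added sketch that is not code from the patent or its assignee: a static configuration test gates the check, a tester outside the host attempts the connections, and reachable ports are compared against an approved-exposure list. The config keys, the misconfiguration rule (bound to all interfaces with authentication off) and all function names are assumptions made for illustration; the port list is taken as an input.

```python
import socket

# Constructed sample: parsed application settings (hypothetical keys).
SAMPLE_CONFIG = {"name": "cache", "bind": "0.0.0.0", "require_auth": False}


def is_misconfigured(cfg):
    """Static configuration test. Assumed rule: the application listens on
    all interfaces while authentication is disabled."""
    return cfg["bind"] in ("0.0.0.0", "::") and not cfg["require_auth"]


def external_probe(connection_data, timeout=1.0):
    """Role of the test external resource: run this from a machine outside
    the host, attempt each (host, port), and return {port: reachable}."""
    results = {}
    for host, port in connection_data:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:  # refused, timed out, unreachable
            results[port] = False
    return results


def assess(cfg, host, ports, approved_ports, probe=external_probe):
    """Return the sorted ports that the external tester reached and that
    are not approved for external exposure (the exposure vulnerability)."""
    if not is_misconfigured(cfg):
        return []  # only at-risk applications are examined further
    connection_data = [(host, p) for p in ports]
    results = probe(connection_data)
    return sorted(p for p, ok in results.items()
                  if ok and p not in approved_ports)


if __name__ == "__main__":
    # Loopback listener standing in for the at-risk application.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(assess(SAMPLE_CONFIG, "127.0.0.1", [port], approved_ports=set()))
    srv.close()
```

An empty result means either the static test did not flag the application or every reachable port was on the approved list; a mitigation step, as in claim 2, would act on the returned ports.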
Testing arrangements · CPC title
Network monitoring probes · CPC title
involving logical or physical relationship, e.g. grouping and hierarchies · CPC title
Checking the configuration · CPC title
where tasks reside in different layers, e.g. user- and kernel-space · CPC title