专利名称:Passive Web Application Firewall发明人:Robert C. Fruth,Viresh Ramdatmisier,Barry
Markey,Robert Fish,Erik Tayler,DragosBoia,Donald Ankney
申请号:US14864858申请日:20150924
公开号:US20170093795A1公开日:20170330
专利附图:
摘要:To protect network-based services, offering computer implementedfunctionality, from attacks, a passive web application firewall reactively identifies
vulnerabilities, enabling such vulnerabilities to be quickly ameliorated, without
intercepting communications or introducing other suboptimal aspects of traditional webapplication firewalls. Communications directed to the network-based services are loggedand such logs are scanned for entries evidencing attacks, such as based on
predetermined attack syntax. Further evaluation of the entries identified as evidencingattacks identifies a subset of those entries that correspond to likely successful attacks.Such further evaluation includes attacking the network-based service in an equivalentmanner. Attacks that are found to be successful identify vulnerabilities, and a notificationof such vulnerabilities is provided to facilitate amelioration of such vulnerabilities.Vulnerability amelioration can be automatic, such as by automatically adjusting thesettings corresponding to the implementation of the network-based services toameliorate identified vulnerabilities in a predetermined manner.
申请人:Microsoft Technology Licensing, LLC
地址:Redmond WA US
国籍:US
更多信息请下载全文后查看
因篇幅问题不能全部显示,请点此查看更多更全内容