Patent application number | Description | Published |
20090119768 | Using Application Gateways to Protect Unauthorized Transmission of Confidential Data Via Web Applications - A security gateway receives messages transmitted between a server and a client device on a network and parses the messages into a plurality of data objects, such as strings and name-value pairs. The data objects may represent user personal identification information, such as user name, social security number, credit card number, patient code, driver's license number, and other personal identification information. The security gateway uses rules to recognize data objects and validate the data objects to determine whether the recognized data objects are appropriately included within the context. The security gateway may also perform an action on the data objects. Data objects that are not appropriately included in the context may be transformed, suppressed or disallowed. | 05-07-2009 |
20100017869 | Inferencing Data Types Of Message Components - A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components. | 01-21-2010 |
20100132029 | USING STATISTICAL ANALYSIS TO GENERATE EXCEPTION RULES THAT ALLOW LEGITIMATE MESSAGES TO PASS THROUGH APPLICATION PROXIES AND GATEWAYS - A security gateway receives messages rejected by a message filter based on a set of rules. The security gateway also receives attributes of the rejected messages that triggered the rules. The security gateway maintains frequencies with which the messages with a particular attribute were rejected by the rules. The security gateway finds rejected messages or attributes having a high frequency of occurrence. Since messages or attributes having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow messages that have similar attributes to pass through the gateway. | 05-27-2010 |
20100269170 | RULE GENERALIZATION FOR WEB APPLICATION ENTRY POINT MODELING - A security gateway receives messages, such as URL requests, rejected by a message filter based on a set of rules. The security gateway maintains frequencies with which the messages were rejected by the rules. The security gateway finds rejected messages having a high frequency of occurrence. Since messages having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow similar messages to pass through the gateway. | 10-21-2010 |
20100332617 | SYSTEMS AND METHODS FOR PROVIDING A VIRTUAL APPLIANCE IN AN APPLICATION DELIVERY FABRIC - The present disclosure is directed to systems and method for providing a virtual appliance. One or more application delivery controller appliances intermediary to a plurality of clients and a plurality of servers perform a plurality of application delivery control functions on network traffic communicated between the plurality of clients and the plurality of servers. A virtual application delivery controller is deployed on a device intermediary to the plurality of clients and the plurality of servers. The virtual application delivery controller executing on the device performs one or more of the plurality of application delivery control functions on network traffic communicated between the plurality of clients and the plurality of servers. | 12-30-2010 |
20110041053 | SCALABLE DERIVATIVE SERVICES - An efficient method for parsing HTML pages identifies pages containing a mix of static and dynamic content. The pages are parsed to form abstract syntax trees (ASTs), which are then cached along with the pages. When a later version of a page is retrieved, it is compared against the cached version, and only those portions of the AST that contain different content are reparsed. | 02-17-2011 |
20110154461 | SYSTEMS AND METHODS FOR MANAGEMENT OF COMMON APPLICATION FIREWALL SESSION DATA IN A MULTIPLE CORE SYSTEM - The present invention is directed towards systems and methods for efficiently an intermediary device processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user session. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page. | 06-23-2011 |
20110154471 | SYSTEMS AND METHODS FOR PROCESSING APPLICATION FIREWALL SESSION INFORMATION ON OWNER CORE IN MULTIPLE CORE SYSTEM - The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request the first core. The second application firewall module receives and processes the security check results and instructions from the first core. | 06-23-2011 |
20120216274 | INFERENCING DATA TYPES OF MESSAGE COMPONENTS - A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components. | 08-23-2012 |