Title of invention: DETECTION OF MANIPULATION OF APPLICATIONS
Abstract: The present invention relates to a solution for improving the security of applications. In particular, the invention relates to the control of the whole lifecycle of data traffic between a client and a server, and additionally to the tracking of the internal data flow within the server for editable data only. The invention presents a method for detection of manipulation of data (29) by a client (11, 15, 25) that performs a request to a server (13, 17, 27), and for detection of vulnerabilities within source code. The invention also presents an application and a system for the detection of manipulation in applications. As a particular example, the invention presents a method for detection of manipulation of web pages in HTTP.
Publication number: US2017041340(A1)  Publication date: 2017.02.09
Application number: US201515303399  Filing date: 2015.03.27
Applicant: HDIV SECURITY, S.L.  Inventor: Velasco Sarasola Roberto
Classification: H04L29/06; H04L29/08  Main classification: H04L29/06
Main claim: 1. A method for detection of manipulation of data by a client that performs a request to a server and detection of vulnerabilities within source code, implemented on a system that comprises:
at least one client configured to run requests to a server comprising editable data and non-editable data, and to receive responses from the server,
at least one server configured to receive said request, and to send said response,
where the method comprises the following steps:
a) receiving, by either the server or an external entity, a request from the at least one client; if the request is an initial request, go to step c),
b) if the request is a non-initial request, reading, by either the server or the external entity, a request identifier from the received request; detecting manipulation, by either the server or the external entity, and finishing the method if the request identifier is different from the request identifier of a previous request that has been added to a data structure created for each risk point of a response of a previous request in the same session, wherein the risk point, detecting manipulation, by either the server or the external entity, and finishing the method if the content received in the request is different from the content of the data structure corresponding to the received request identifier; detecting manipulation, by either the server or the external entity, and finishing the method if there is an additional parameter not included within the data structure; if the request comprises at least one editable parameter which has been edited or completed by the client, storing, by the server, the representation of the data comprised in these fields on the server in a second type of data structure,
c) generating the response by the server,
d) analysing, by the server, whether at least one risk point is generated during the generation of the response; if there is at least one risk point in the response, creating, by the server, a first type of data structure for each risk point,
e) generating and associating, by the server, a request identifier to the first type of data structure; if the risk point comprises at least one parameter, identifying the typology, editable or non-editable, of the at least one parameter of the risk point,
f) performing a predetermined action if the request comprises at least one editable parameter comprising content which is used during the generation of the response by the server, preferably in SQL queries or writes (known as a sink point), and sending, from the server, the response to the client or to the external entity,
g) receiving the response, which is susceptible to being modified by the client,
h) continuing at step a) if the client sends another request to the server in the same session, using one of the request identifiers generated in step e) for the current request or for a previous request inside the same session,
the method being carried out by applying at least one of the known techniques for adding an additional behaviour to a server or firewall, preferably a technique from the group comprising: compiled code transformation, API extension, additional code.
Address: San Sebastian, Guipuzcoa ES
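The following Python sketch is an added illustration of steps a) to f) of claim 1 and is neither HDIV's code nor text from the patent. It assumes an in-memory per-session store, a random hex token as the request identifier (the claim only requires that an identifier be generated and bound to the first-type structure; unguessability is an assumption added here), and detects editable content reaching a sink by plain substring matching in the text handed to that sink. The names RiskPoint, Session, register_risk_point, validate_request, detects_manipulation and editable_in_sink are hypothetical.

```python
"""Illustrative server-side manipulation detection (hypothetical code, not HDIV's).

For every risk point (a link or form) emitted in a response, the server keeps a
first-type data structure holding the parameter names, their typology
(editable / non-editable) and the expected values of non-editable parameters,
keyed by a freshly generated request identifier. On the next request of the
same session the identifier is looked up, non-editable values are compared and
unexpected extra parameters are rejected. Values of editable parameters are
kept in a second-type structure so that their later use in a sink (e.g. an SQL
query) can be recognised.
"""
import secrets
from dataclasses import dataclass, field

EDITABLE = "editable"
NON_EDITABLE = "non-editable"


class ManipulationDetected(Exception):
    """Raised when a request deviates from what the server actually sent."""


@dataclass
class RiskPoint:
    # First-type data structure: one per link/form of a response.
    request_id: str
    action: str
    params: dict  # name -> (typology, expected value; None for editable)


@dataclass
class Session:
    # request_id -> RiskPoint (first-type structures issued in this session)
    risk_points: dict = field(default_factory=dict)
    # request_id -> {name: value} edited by the client (second-type structure)
    editable_values: dict = field(default_factory=dict)


def register_risk_point(session, action, params):
    """Steps d)/e): called while the server renders a link or form.

    `params` maps each parameter name to (typology, value). A random request
    identifier (assumption: a 16-hex-digit token) is generated and bound to
    the structure; the caller embeds it in the emitted link/form.
    """
    request_id = secrets.token_hex(8)
    session.risk_points[request_id] = RiskPoint(request_id, action, dict(params))
    return request_id


def validate_request(session, request):
    """Steps a)/b): check an incoming request against the session state.

    `request` is {"id": <request identifier or None>, "params": {name: value}}.
    Returns None for an initial request, otherwise the edited editable
    parameters (which are also stored in the session); raises
    ManipulationDetected on an unknown identifier, an altered or missing
    non-editable parameter, or an additional parameter.
    """
    request_id = request.get("id")
    if request_id is None:
        return None  # initial request: nothing to compare with yet (step c)
    risk_point = session.risk_points.get(request_id)
    if risk_point is None:
        raise ManipulationDetected("request identifier not issued in this session")
    params = request.get("params", {})
    for name in params:
        if name not in risk_point.params:
            raise ManipulationDetected(f"additional parameter {name!r}")
    edited = {}
    for name, (typology, expected) in risk_point.params.items():
        if typology == NON_EDITABLE:
            # A missing non-editable parameter compares as None != expected.
            if params.get(name) != expected:
                raise ManipulationDetected(f"non-editable parameter {name!r} altered")
        elif name in params:
            edited[name] = params[name]
    session.editable_values[request_id] = edited  # second-type structure
    return edited


def detects_manipulation(session, request):
    """True if validate_request rejects the request (for callers/tests)."""
    try:
        validate_request(session, request)
    except ManipulationDetected:
        return True
    return False


def editable_in_sink(session, request_id, sink_text):
    """Step f): names of editable parameters whose client-supplied content
    reaches a sink, detected here by the value appearing verbatim in the text
    handed to the sink (e.g. an SQL string). The claim's 'predetermined
    action' is left to the caller; this only identifies the parameters.
    """
    values = session.editable_values.get(request_id, {})
    return sorted(name for name, value in values.items() if value and value in sink_text)
```

A server would call register_risk_point once per link or form while rendering, put the returned identifier into that link or form, and call validate_request before any handler runs; editable_in_sink is then consulted wherever a value is concatenated into a query. In practice the predetermined action at the sink would be to reject the request or force a parameterised query rather than merely report.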