Title: Method and apparatus for security validation of user input
Abstract: According to embodiments of the present invention, a computing device provides a security rules subset of a server-side protection element to a pre-validation component deployed at a client side. The computing device validates the user input based on the security rules. The computing device determines, in response to detecting a user input violation and that a violated security rule has or has not been provided to the pre-validation component, the user as a first or second class of users. The computing device performs different security protection actions to the first and second class of users. The computing device asynchronously performs a dynamic update to the security rule subset provided to the pre-validation component. The security rule subset is screened from the security rules of the server-side protection means. A policy for screening the security rule subset is selected.
Publication number: US8826421(B2) Publication date: 2014.09.02
Application number: US201013512642 Filing date: 2010.11.05
Applicant: International Business Machines Corporation Inventors: Luo Lin; Meng Fan Jing; Yang Shun Xiang; Zhang Yu
Classification: G06F21/00; G06F21/55 Main classification: G06F21/00
Agency: (none listed) Agent: Bolar Trentice V.
Main claim: 1. A computer-implemented method for security validation of a user input in a computer network application, the method comprising: providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component based on the provided security rule subset; validating the user input based on at least one of the security rules of the server-side protection means; determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as one of a first class of users; determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as one of a second class of users; performing different security protection actions to the determined first class of users and the determined second class of users, wherein the step of performing different security protection actions to the determined first class of users and the determined second class of users comprises: performing, to the second class of users, a security protection action as compulsorily blocking all subsequent requests, and performing, to the first class of users, a security protection action which maintains access to the computer network application; asynchronously performing a dynamic update to the security rule subset provided to the pre-validation component; wherein the security rule subset is screened from the security rules of the server-side protection means in the step of providing the subset of the security rules of the server-side protection means to the pre-validation component and in the step of asynchronously performing the dynamic update to the security rule subset provided to the pre-validation component; and wherein a policy for screening the security rule subset is selected from the group consisting of: selecting a security rule having a high violation ratio; excluding all negative rules in the security rules; and excluding high-risk security rules in the security rules.
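The mechanism described in the abstract and the main claim, as an added Python example that is not part of the patent record or of any IBM implementation: the server keeps the full rule set, screens a subset for the client-side pre-validation component under one of the three claimed policies, and, when a request violates a rule, classifies the user by whether that rule was shipped to the client (first class if it was not, second class if it was) before choosing the protection action. The concrete rule patterns, the statistics behind the violation ratio, the 0.2 ratio threshold, the reading of "negative rule" as a blacklist-style signature (versus a positive whitelist rule), and the specific actions (reject the single request for a first-class user, block-list the user for all subsequent requests for a second-class user) are all assumptions constructed for this example; the asynchronous update is modelled with a worker thread and a lock.

```python
import re
import threading
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SecurityRule:
    rule_id: str
    pattern: str       # regex evaluated against the raw user input
    negative: bool     # True: blacklist-style signature; False: positive (whitelist) rule (assumed semantics)
    high_risk: bool    # True: a rule the server prefers not to disclose to clients
    violations: int    # constructed statistics used for the violation ratio
    checks: int

    def violation_ratio(self) -> float:
        return self.violations / self.checks

    def is_violated(self, user_input: str) -> bool:
        hit = re.search(self.pattern, user_input) is not None
        # a negative rule is violated when it matches, a positive rule when it does not
        return hit if self.negative else not hit


# The three screening policies named in the claim (threshold value is an assumption).
POLICIES = {
    "high_violation_ratio": lambda rules, t: [r for r in rules if r.violation_ratio() >= t],
    "exclude_negative": lambda rules, t: [r for r in rules if not r.negative],
    "exclude_high_risk": lambda rules, t: [r for r in rules if not r.high_risk],
}


def screen_subset(rules, policy, ratio_threshold=0.2):
    return POLICIES[policy](list(rules), ratio_threshold)


class PreValidator:
    """Client-side component: holds only the screened subset and rejects early."""

    def __init__(self, subset):
        self.subset = list(subset)

    def validate(self, user_input):
        return [r.rule_id for r in self.subset if r.is_violated(user_input)]


class ServerProtection:
    """Server-side protection means: full rule set, classification and actions."""

    def __init__(self, rules, policy):
        self.policy = policy
        self.blocked_users = set()
        self._lock = threading.Lock()
        self.update_subset(rules)

    def update_subset(self, new_rules):
        # swap rules and the provided subset atomically with respect to validate()
        with self._lock:
            self.rules = list(new_rules)
            self.provided = {r.rule_id for r in screen_subset(self.rules, self.policy)}

    def update_subset_async(self, new_rules):
        t = threading.Thread(target=self.update_subset, args=(new_rules,), daemon=True)
        t.start()
        return t

    def validate(self, user_id, user_input):
        with self._lock:
            if user_id in self.blocked_users:
                return ("blocked", None)
            violated = [r.rule_id for r in self.rules if r.is_violated(user_input)]
            if not violated:
                return ("accept", None)
            if any(v in self.provided for v in violated):
                # The violated rule was shipped to the client, so a well-behaved client
                # would have stopped this request: second class of users, block all
                # subsequent requests.
                self.blocked_users.add(user_id)
                return ("block_subsequent", violated)
            # First class of users: the request is rejected, access is maintained.
            return ("reject", violated)


# Constructed rule set: R1 and R2 are negative signatures, R3 is a positive length rule.
RULES = [
    SecurityRule("R1", r"<script", negative=True, high_risk=False, violations=30, checks=100),
    SecurityRule("R2", r"(?i)union\s+select", negative=True, high_risk=True, violations=5, checks=100),
    SecurityRule("R3", r"^.{1,64}$", negative=False, high_risk=False, violations=20, checks=100),
]


def run_demo():
    server = ServerProtection(RULES, "high_violation_ratio")   # ships R1 and R3, not R2
    client = PreValidator(r for r in RULES if r.rule_id in server.provided)
    results = []
    results.append(server.validate("alice", "hello"))                    # clean input
    results.append(server.validate("bob", "a UNION SELECT b"))           # violates only R2: first class
    results.append(client.validate("<script>alert(1)</script>"))         # client would have caught R1
    results.append(server.validate("mallory", "<script>alert(1)</script>"))  # bypassed client: second class
    results.append(server.validate("mallory", "hello"))                  # blocked from now on
    # Asynchronous dynamic update: fresh statistics raise R2's ratio above the threshold.
    updated = [replace(r, violations=40) if r.rule_id == "R2" else r for r in RULES]
    server.update_subset_async(updated).join()
    results.append(sorted(server.provided))
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The point worth noticing is that the server never trusts the client-side result: it re-validates against the full rule set every time, and the client subset only serves as evidence about the user. A request that trips a rule the client already had is treated as bypassing the pre-validator, while a request that trips a withheld rule (for example a high-risk one the policy kept server-side) is handled as an ordinary rejection.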
Address: Armonk NY US