US 11,997,118 B1
Scripting attack detection and mitigation using content security policy violation reports
Siddhesh Yawalkar, Sunnyvale, CA (US); Hemant Puri, Fremont, CA (US); Swapnil Bhalode, Fremont, CA (US); Sandeep Bhatkar, Sunnyvale, CA (US); Anant Agrawal, Indore (IN); Sangam Shankar, Mysore (IN); Gabe Gallagher, San Diego, CA (US); and Erick Lee, San Jose, CA (US)
Assigned to Intuit, Inc., Mountain View, CA (US)
Filed by Intuit, Inc., Mountain View, CA (US)
Filed on Jul. 24, 2023, as Appl. No. 18/225,671.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1466 (2013.01); H04L 63/20 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for scripting attack detection and mitigation, comprising:
receiving a first report indicating a first violation for a first security policy applied to a first web application;
identifying a first plurality of features associated with the first violation, the first plurality of features comprising a uniform resource locator (URL) of a resource that was prevented from loading on a browser where the first violation occurred and is included in the first report;
determining a first domain associated with the URL;
determining a second domain associated with the URL by performing a sequence of domain name system (DNS) and reverse DNS lookups;
determining whether the first domain and the second domain are equal, wherein the first plurality of features further comprises the determination whether the first domain and the second domain are equal;
classifying the first violation as a first scripting attack based on the first plurality of features; and
taking action to mitigate the first scripting attack on the first web application.