| CPC H04L 63/1433 (2013.01) [H04L 63/1416 (2013.01); H04L 2463/146 (2013.01)] | 19 Claims |
|
1. A method of detecting a cross site scripting attack, the method comprising:
capturing a web request provided by a user, after the web request is decrypted and decoded, by capturing the web request at an entrance to a Hypertext Transfer Protocol (HTTP) pipeline;
capturing a response to the captured web request;
determining if one or more elements associated with the captured web request and one or more elements of the captured response, in combination, cause a malicious action, wherein the determining is based on (i) presence of interpreter syntax in user input, provided by the user, in the captured web request, and at least one of (ii) status of the user input being included in interpreter input, (iii) execution status of the interpreter, and (iv) presence of interpreter syntax in the captured response; and
declaring a cross site scripting attack in response to determining the one or more elements associated with the captured web request and the one or more elements of the captured response, in combination, cause a malicious action.
|