Shape Security | Date: 2017-05-17
An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (UEIN) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests of requests the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.
Shape Security | Date: 2017-06-28
Application programming interfaces (APIs) can be unintentionally exposed and allow for potentially undesirable use of corporate resources. An API call filtering system configured to monitor API call requests received via an endpoint and API call responses received via a supporting service of an API or web service. The API call filtering system enables enterprises to improve their security posture by identifying, studying, reporting, and securing their APIs within their enterprise network.
Shape Security | Date: 2016-05-06
A computer-implemented method for coordinating content transformation includes receiving, at a computer server subsystem and from a web server system, computer code to be served in response to a request from a computing client over the internet; modifying the computer code to obscure operation of the web server system that could be determined from the computer code; generating transformation information that is needed in order to reverse the modifications of the computer code to obscure the operation of the web server system; and serving to the computing client the modified code and the reverse transformation information.
Shape Security | Date: 2016-08-19
In an embodiment, a data processing system comprises one or more processors; script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer; script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer; wherein the script code is configured to run upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements.
Shape Security | Date: 2016-02-25
Among other things, this document describes a computer-implemented security method such as for authenticated selection of security countermeasures and for reliable identification of computing devices. The method can include receiving, by a computing system, a request from a computing device for an electronic resource. The computing system can identify a security token received from the device that made the request. Based on the security token, particular security countermeasures can be selected that are to be applied to the electronic resource to be served in response to the request. The countermeasures can be operable to interfere with an ability of malware to interact with the served electronic resource when the served electronic resource is on the computing device. Portions of the electronic resource that are to be executed on the computing device can be re-coded using the selected particular security countermeasures.
Shape Security | Date: 2016-07-07
A computer-implemented method for securing a content server system is disclosed. The method includes identifying that a request has been made by a client computing device for serving of content from the content server system; serving, to the client computing device and for execution on the client computing device, reconnaissance code that is programmed to determine whether the client computing device is human-controlled or bot-controlled; receiving, from the reconnaissance code, data that indicates whether the client computing device is human-controlled or bot-controlled; and serving follow-up content to the client computing device, wherein the make-up of the follow-up content is selected based on a determination of whether the client computing device is human-controlled or bot-controlled.
Shape Security | Date: 2016-07-06
This document describes, among other things, a computer-implemented method for improving the security of one or more computing systems. The method can include receiving, at a computing system, first code that defines at least a portion of an electronic resource that is to be served to a client computing device. The method can include generating code that defines a challenge to be solved by the client computing device, in which the code is arranged to cause the client computing device to determine values for one or more parameters that comprise a solution to the challenge, and the values for the one or more parameters that comprise the solution to the challenge may be required for the client computing device to make valid requests to initiate one or more web-based transactions. The computing system can determine whether particular values for the parameters comprise a valid solution to the challenge.
Shape Security | Date: 2016-08-12
In one embodiment, a method of improving the security of a computing device comprises using a computing device that has received one or more messages that have been determined as unauthorized, obtaining a plurality of state data values from one or more of the computing device, the one or more messages, and a second computer; before admitting the one or more messages to a data communications network that the computing device is configured to protect: using the computing device and pseudo-random selection logic, based on the state data values, pseudo-randomly selecting a particular policy action from among a plurality of different stored policy actions; using the computing device, acting upon the one or more messages using the particular policy action; wherein the method is performed using one or more computing devices.
Shape Security | Date: 2016-05-18
In an embodiment, a method comprises intercepting a first set of instructions from a server computer that define one or more objects and one or more original operations that are based, at least in part, on the one or more objects; modifying the first set of instructions by adding one or more supervisor operations that are based, at least in part, on the one or more objects; transforming the one or more original operations to produce one or more transformed operations that are based, at least in part, on the one or more supervisor operations; rendering a second set of instructions which define the one or more supervisor operations and the one or more transformed operations; sending the second set of instructions to a remote client computer.
Shape Security | Date: 2016-08-01
The automated, real-time detection of specific blocks of code within a larger body of source code is described. Specific implementations relate to the detection of known code libraries in web page code to improve the efficiency of the generation of polymorphic transformations of the web page code for the purpose of impeding automated cyber-attacks.