Shape Security | Date: 2017-05-17
An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (UEIN) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests of requests the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.
Shape Security | Date: 2017-03-27
A computer-implemented method for identifying abnormal computer behavior includes receiving, at a computer server subsystem, data that characterizes subsets of particular document object models for web pages rendered by particular client computers; identifying clusters from the data that characterize the subsets of the particular document object models; and using the clusters to identify alien content on the particular client computers, wherein the alien content comprises content in the document object models that is not the result of content that is the basis of the document object model served.
Shape Security | Date: 2016-08-08
A computer-implemented method includes identifying, in web code to be served to a client, presence of code for generating a form; generating additional, executable code to be run on the client device, the additional, executable code being arranged to identify user input on the client device and modify the form so that data from the user input is received into one or more alternative fields of the form other than a first field to which a user performing the input directed the input; receiving a request from the client device based on completion of input into the form; and converting data from the received request so that data for the one or more alternative fields of the form is directed to the first field of the form for processing by a web server system that initially generated the web code.
Shape Security | Date: 2017-06-28
Application programming interfaces (APIs) can be unintentionally exposed and allow for potentially undesirable use of corporate resources. An API call filtering system configured to monitor API call requests received via an endpoint and API call responses received via a supporting service of an API or web service. The API call filtering system enables enterprises to improve their security posture by identifying, studying, reporting, and securing their APIs within their enterprise network.
Shape Security | Date: 2016-05-06
A computer-implemented method for coordinating content transformation includes receiving, at a computer server subsystem and from a web server system, computer code to be served in response to a request from a computing client over the internet; modifying the computer code to obscure operation of the web server system that could be determined from the computer code; generating transformation information that is needed in order to reverse the modifications of the computer code to obscure the operation of the web server system; and serving to the computing client the modified code and the reverse transformation information.
Shape Security | Date: 2016-08-19
In an embodiment, a data processing system comprises one or more processors; script analysis logic coupled to the one or more processors and configured to obtain a particular electronic document from a server computer; script injection logic coupled to the one or more processors and configured to insert a set of script code into source code of the electronic document to result in producing a modified electronic document prior to providing the modified electronic document to a client computer; wherein the script code is configured to run upon loading in the client computer and to cause transforming, when running in the client computer, one or more values of one or more elements of the source code of the electronic document into obfuscated values of the one or more elements.
Shape Security | Date: 2016-02-25
Among other things, this document describes a computer-implemented security method such as for authenticated selection of security countermeasures and for reliable identification of computing devices. The method can include receiving, by a computing system, a request from a computing device for an electronic resource. The computing system can identify a security token received from the device that made the request. Based on the security token, particular security countermeasures can be selected that are to be applied to the electronic resource to be served in response to the request. The countermeasures can be operable to interfere with an ability of malware to interact with the served electronic resource when the served electronic resource is on the computing device. Portions of the electronic resource that are to be executed on the computing device can be re-coded using the selected particular security countermeasures.
Shape Security | Date: 2016-07-07
A computer-implemented method for securing a content server system is disclosed. The method includes identifying that a request has been made by a client computing device for serving of content from the content server system; serving, to the client computing device and for execution on the client computing device, reconnaissance code that is programmed to determine whether the client computing device is human-controlled or bot-controlled; receiving, from the reconnaissance code, data that indicates whether the client computing device is human-controlled or bot-controlled; and serving follow-up content to the client computing device, wherein the make-up of the follow-up content is selected based on a determination of whether the client computing device is human-controlled or bot-controlled.
Shape Security | Date: 2016-07-06
This document describes, among other things, a computer-implemented method for improving the security of one or more computing systems. The method can include receiving, at a computing system, first code that defines at least a portion of an electronic resource that is to be served to a client computing device. The method can include generating code that defines a challenge to be solved by the client computing device, in which the code is arranged to cause the client computing device to determine values for one or more parameters that comprise a solution to the challenge, and the values for the one or more parameters that comprise the solution to the challenge may be required for the client computing device to make valid requests to initiate one or more web-based transactions. The computing system can determine whether particular values for the parameters comprise a valid solution to the challenge.
Shape Security | Date: 2016-08-12
In one embodiment, a method of improving the security of a computing device comprises using a computing device that has received one or more messages that have been determined as unauthorized, obtaining a plurality of state data values from one or more of the computing device, the one or more messages, and a second computer; before admitting the one or more messages to a data communications network that the computing device is configured to protect: using the computing device and pseudo-random selection logic, based on the state data values, pseudo-randomly selecting a particular policy action from among a plurality of different stored policy actions; using the computing device, acting upon the one or more messages using the particular policy action; wherein the method is performed using one or more computing devices.