The accessibility and convenience of the Internet rapidly changed the way people access information. The World Wide Web (“WWW”), usually referred to as “the Web”, is the most popular means for retrieving information available through the Internet. The Web gives users access to a vast number of resources from locations around the world. In addition, the Web allows enterprises and organizations to expose their business information and functionality on the Web through software applications, usually referred to as “Web applications”.
A significant problem facing enterprises is the vulnerability of Web applications, databases and Web sites to attacks from malicious, irresponsible, or criminally minded individuals or organizations. As many web applications today utilize command scripts to perform a variety of tasks the number of client-side script attacks in web-applications has been rapidly increasing. A command script, or script code, typically is a computer file containing a sequence of text commands and arguments that conform to a particular scripting language. Examples for two recent harmful client-side script attacks include JavaScript (JS) hijacking and cross-site request forgery (CSRF).
The AJAX technology allows asynchronous and on-demand loading of dynamically generated content. For example, a piece of dynamically generated HTML content or XML document can be loaded in response to a user action. This technology, on one hand, can improve the responsiveness of web applications and enhance the end user experience, and on the other hand, a malicious web site can easily hijack pages from other web sites.
FIG. 1 provides an example for a JS hijacking attack in which an attacker server 110 retrieves confidential information from a trusted server 120 through a client 130. The trusted server 120 runs a web-application compliant with the AJAX technology. The client 130 and server 120 use Javascript to communicate with each other. For example, to get credit card information from a URL in the trusted server 120, the client 130 executes a function (e.g., XMLHttpRequest) that queries server 120 using a HTTP GET request. The server 120 responds with the credit card information in the form of Javascript code. The Javascript code contains a call to a client side function, which upon its execution presents the credit card information. The HTTP GET requests are responded to only during a valid session between the trusted server 120 and client 130.
The attacker creates a web page that contains a script element with a source (src) pointing to the URL that includes the credit card information. In addition, the attacker overrides the function that presents the credit card information with a new function that sends the credit card details to the attacker server 110. In order to get the credit card information, the attacker needs to lure web users to visit the attacker's web page (e.g., using spam emails). When a user follows the link to the attacker's site in server 110 and there is a valid session with the trusted server 120, the client 130 sends the information from the trusted server 120 to the attacker server 110 (using the overridden display function).
CSRF is another type of security vulnerability detected in web-based applications. Such vulnerability is generated by loading into a client's browser, e.g., client 130, HTML elements or Javascript code that generate an authenticated HTTP request to a target site in the trusted server 120. The CSRF allows modifying information stored by the trusted server 120.
Prior art solutions for preventing scripting attacks have not been sufficiently effective. Such solutions include changing the functionality of web-applications. In most cases this is a very costly task that also cannot be applied to any type of software (e.g., third party modules). Other solutions include static analysis of a script programs or validating the results of a script program. These solutions are disclosed in US patent applications 2007/0113282 and 2007/0107057, each of which is incorporated herein by reference for its useful background descriptions of the state of the art heretofore.
In the view of the shortcoming of prior art approaches it would be advantageous to provide an efficient solution for preventing scripting attacks of web applications.