The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Computer fraud, such as credential stuffing, advanced application denial of service attacks, ratings manipulation, fake account creation, reserving rival goods attacks, ballot stuffing attacks, web site scraping attacks, vulnerability assessments, and stack fingerprinting attacks, is big business for fraudsters. As a specific example, fraud can be perpetrated by obtaining financial or personally identifying information that end users provide while using a browser to communicate with an application server computer. In an exploit commonly termed “Man in the Browser”, a user's computer can be infected with malicious code that collects data from legitimate communications, such as communications with the user's bank. After the communications have been decrypted, for example, by a web browser on the user's computer, the malicious code may gather data that is displayed in particular fields or sections in the decrypted web page and provide the data to a malicious user or computer. Malicious code may perform actions on a legitimate user's behalf, using already established trust communication channels and trusted browser environments.
Malicious code may also gather data that is entered by a user before the user's data is encrypted and sent to the intended recipient. For example, a user may enter account information into a web browser that is displaying a web page from the user's bank. The web page may be a login page to access the user's account information and funds. The malicious code may scan particular fields in the web page for the user's account information before the user's account information is encrypted and sent to the user's bank, and then send data obtained from those fields to a malicious user or computer. Web browsers were first developed and deployed in the early 1990's, and thus there has been a need to improve browser security, web server security, web-based application security, and data security at and/or between end points.