Title:
SECURITY DEVICE USING TRANSACTION INFORMATION COLLECTED FROM WEB APPLICATION SERVER OR WEB SERVER
Document Type and Number:
WIPO Patent Application WO/2017/171188
Kind Code:
A1
Abstract:
A security device using transaction information collected from a web application server or a web server of the present invention may comprise a management server which receives transaction information from a WAS plug-in agent installed in the web application server or a WEB plug-in agent installed in the web server, analyzes whether the transaction information is normal transaction information or abnormal transaction information, generates detection information according to the analysis result, and transmits a blocking command for the abnormal transaction to the WAS plug-in agent. According to the present invention, it is possible to detect attacks encrypted with SSL/TSL through an analysis of decrypted transaction information, and to respond to web hacking attacks at a session stage after normal login. In addition, according to the present invention, it is possible to collect various kinds of information decrypted in a memory of the web application server or the web server, and thus the present invention has the advantage of being able to perform various forms of statistical analysis.
Inventors:
LEE SEOK WOO (KR)
Application Number:
PCT/KR2016/013134
Publication Date:
October 05, 2017
Filing Date:
November 15, 2016
Export Citation:
Assignee:
ELEVISOR CO LTD (KR)
International Classes:
H04L29/06; G06F17/30; G06F21/55; H04L29/08
Foreign References:
KR20110081103A | 2011-07-13 | |||
KR20050036010A | 2005-04-20 | |||
KR101282297B1 | 2013-07-10 | |||
KR20100071747A | 2010-06-29 | |||
JP2015519776A | 2015-07-09 |
Attorney, Agent or Firm:
CHOI, Hoon Sik (KR)
Download PDF: