G06F2221/2119

Computer security system

A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as packet management information, used to determine access to the resource, negotiating a session key between client and server devices, generating a session ID based on at least the negotiated session key, inserting the packet management information and the session ID into each information packet sent from the client device to the server device, monitoring packet management information in each information packet from the client device, and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted.

Differentiated containerization and execution of web content based on trust level and other attributes

Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Authentication of a secure electronic device from a non-secure electronic device
09781093 · 2017-10-03

The application relates in particular to a method for authentication of a secure electronic device (BNK_SRV) from a non-secured electronic device (PC, SP) comprising an input peripheral (KBD, MS, TS, CAM), an output peripheral (SCR, SPK, PRN) and a secure electronic circuit (TPM). The application also relates to a secure electronic circuit (TPM), a computer program and a storage medium arranged to implement such a method.

SYSTEMS AND METHODS FOR PROTECTING AGAINST MISLEADING CLICKS ON WEBSITES
20220053009 · 2022-02-17

The disclosed computer-implemented method for protecting against misleading clicks on websites may include (i) detecting a user click event on a uniform resource locator (URL) for navigating to a website during a web browsing session, (ii) analyzing the user click event to identify expected domain behavior associated with navigating to the website based on the URL, (iii) determining, based on the analysis, that the user click event deviates from the expected domain behavior associated with navigating to the website based on the URL, and (iv) performing a security action that protects against potentially malicious activity caused by the user click event deviating from the expected domain behavior associated with navigating to the website based on the URL. Various other methods, systems, and computer-readable media are also disclosed.

Web Page Automated Testing Method and Apparatus
20170277622 · 2017-09-28

A web page automated testing method and apparatus. In the web page automated testing method, target network interaction data sent by a browser to a server is obtained using a network proxy server. Then, a web page automated testing tool validates the target network interaction data, thereby implementing validation on network interaction data between the browser or a web page and the server. A network request in the target network interaction data is validated, which improves a capability of finding a web page defect, and a response message returned by the server is validated, which improves accuracy of a web page display validation result.

Apparatus and method for collecting harmful website information

Provided are a harmful site collection device and method for determining a harmful site by analyzing a connection between harmful sites. The harmful site collection device extracts a URL linked to a web page of a harmful site; checks a link circulation on the basis of link information on a web page of the URL linked to the harmful site to determine whether the web page of the URL linked to the harmful site is a harmful site; and, when a URL of a prestored non-harmful site is extracted while the link circulation is checked, stops checking the link circulation that includes the URL of the non-harmful site. Accordingly, the harmful site collection device can more easily determine a harmful site merely with information on a URL linked to a web page and can reduce the amount of computation using information on a URL of a prestored non-harmful site.

Method, device and system for intercepting web address

Disclosed are a method, device and system for intercepting a web address. The method comprises: triggering an interception program pre-injected in a browser process; the interception program obtaining web address information of a network connection upon detecting a network connection operation, and determining whether the web address information is malicious web address information; and if the web address information is malicious web address information, the interception program instructing the browser process to stop accessing the malicious web address information. The present disclosure can interrupt a connection of a malicious URL in time.

Protecting web applications from untrusted endpoints using remote browser isolation

Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.

METHODS AND APPARATUS FOR DETECTING A PRESENCE OF A MALICIOUS APPLICATION
20220311800 · 2022-09-29

Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

System for providing DNS-based control of individual devices

A device control system is associated with individual devices connected through a network control point to a gateway and thereby to the Internet. The gateway inserts an EDNS0 pseudo resource record into an additional data section in each DNS query initiated by an individual device, the EDNS0 pseudo resource record identifying the initiating device. A dynamic policy enforcement engine in front of the DNS engine intercepts the DNS query, identifies the initiating device, and selects a policy that applies to the device. The dynamic policy enforcement engine may provide parental control and security service to the individual device by blocking the DNS query or passing it to the DNS engine according to the policy. A component that intercepts DNS queries may provide several additional types of services to the individual devices, including advertising, messaging, mobile device tracking, individual device application control, and delivery of individualized content.