Patent classifications
H04L63/168
Techniques for protecting web-browsers against cross-site scripting exploitation attacks
A method and system for detecting client-side cross-site scripting exploitation attacks according to an embodiment are disclosed. The method includes downloading an access list from a remote server; capturing a request to access an external resource, wherein the request is initiated by a script executed over the web browser, wherein the external web resource is external to the web browser executed on a client device; determining, based on the access list, if the requested external web resource can be accessed; and applying a mitigation action on the request to access the external web resource when it is determined that the external web resource cannot be accessed.
Reassembly free deep packet inspection for peer to peer networks
The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.
Work provenance in computing pools
A system and method for participating in and operating a distributed computing pool are disclosed. Computing pools combine computational resources from a plurality of computing devices over a network by splitting jobs into smaller jobs and distributing those smaller jobs to the computing devices so that they can be solved in parallel with little or no overlap in the work performed. The computing devices attempt to find solutions to the smaller jobs. Solutions found are signed and submitted back to the pool. The pool uses the signature to confirm the true origin of the solution and that the solution has not been tampered with.
Gateway for vehicle with caching buffer for distributed storage system
A system that has a plurality of controllers of a vehicle configured to execute functions of the vehicle as well as a gateway of the vehicle configured to secure communications between the plurality of controllers and resources of the controllers. To secure the communication, the gateway can be configured to generate links between the controllers and host devices having the resources according to a stored group of approved devices as well as establish, via the links, secured channels for communication between the controllers and the host devices. The system can also include a caching buffer, configured to hold data to be stored to and retrieved from data storage nodes of a distributed data storage system of the vehicle. The distributed data storage system can be configured to store data used by operations performed by the controllers and the gateway.
Systems and methods for virtual multiplexed connections
A system for facilitating a plurality of virtual transmission control protocol connections between a target application and a source application is provided. The system includes a server proxy, a client proxy, and a network protection interposed between the server proxy and the client proxy. The server proxy is configured to receive an open request from the client proxy via a stateless protocol, including a target identifier, the open request originating from the source application, open a connection between the server proxy and the target application based on the target identifier, provide a response to the client proxy indicating a status of the open request, the response including at least one of a session identifier or a sequence identifier, receive a data request from the client proxy, including the session identifier and an incremented sequence identifier, and provide the data request to the target application.
Enforcing JavaScript for MITB detection
An application firewall receives a request for a confidential web page and, in response, can transmit an HTML code snippet to a browser running on a network device coupled to the data communication network to determine whether JavaScript is enabled locally at the network device. The confidential web page can be, for example, a login page or a page with other sensitive or personal data, vulnerable to browser-based intrusions. Responsive to detecting that JavaScript has been disabled, the application firewall restricts subsequent communication by the network device, wherein the application firewall requires enabling of JavaScript to continue to the confidential web page. On the other hand, responsive to detecting that JavaScript has not been disabled, the application firewall allows the request for the confidential web page to proceed.
Methods and systems for secure DNS routing
Various arrangements for performing secure domain name system (DNS) routing are presented. A secure signature may be generated using an internet protocol (IP) address of an authorized device. An encoded character string may be generated that comprises the IP address. The domain name server may receive a request for an IP address mapped to the hostname. The hostname may be validated using the secure signature. The IP address of the authorized device may be decoded from the encoded character string at least partially in response to the hostname being validated by the domain name server. The IP address decoded from the encoded character string may be transmitted at least partially based on the hostname being validated and the request for the IP address.
Secure remote workspace
In an embodiment, a process for providing a secure remote workspace includes accessing, via a first client application, a remote desktop application. The process includes activating, within the remote desktop, a second client application to provide access to a task. The process includes obtaining user input in connection with executing the task, and transmitting user input information associated with the execution of the task to a server.
Decentralized avatar authentication in online platforms
Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).
Authorization token confidence system
A policy-controlled authorization system for managing tokens used to access services in a cloud-based multi-tenant system. The policy-controlled authorization system includes a local application that executes on a client device, a policy component including a plurality of policies, and a mid-link server coupled to the client device. A request for access to a service on a remote application running on a remote instance of a web server is provided by the local application. A token is required to access the service. A correlator correlates the token with the plurality of tokens for identifying a policy from the plurality of policies associated with the token. A token inspector authorizes the token for accessing the service based on the correlation. Based on the authorization, either the token is authorized for access to the service via the remote application, or the token is blocked when unauthorized to prevent access to the service.