Abstract: A method and system for collecting information on responses and their interpretation on a client device that requests access to a server. A request to access the server is received. If there was a response by the server for this request, then the response is being intercepted and is being injected with a client side language script to be executed by the requesting client side device. Information is collected at the server side from the execution of the injected client side language script by the client device.

Abstract: Methods, non-transitory computer readable media, rendezvous gateway (RG) apparatuses, and network security systems that send an RG synchronization message (SYN) to an application in a secure domain following receipt, from a client, of a client SYN comprising an indication of the application. A rendezvous agent (RA) SYN is received, via a firewall coupled to the security domain and in response to the RG SYN, from an RA in the secure domain. A first RG synchronization-acknowledgement message (SYN+ACK) is sent to the client in response to the client SYN. A second RG SYN+ACK is sent, via the firewall, to the RA in response to the RA SYN. The RA is notified of receipt of a client acknowledgement message (ACK) from the client. An RA ACK is received, from the RA and via the firewall, in response to the notification, to thereby establish a full connection between the client and the application.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain a dictionary comprising a plurality of credentials and populate a probabilistic data structure based on the dictionary. A login request is received from a client and one or more credentials are extracted from the received login request. A determination of when the probabilistic data structure indicates that the extracted credentials are included in the dictionary is made. A mitigation action is initiated with respect to the client, when the determination indicates that the probabilistic data structure indicates that the extracted credentials are included in the dictionary. This technology more efficiently and effectively detects and mitigates brute force credential stuffing attacks advantageously using a reduced amount of resources.

Abstract: The disclosed technology includes accessing a first network application programming interface exposed by a first cloud provider of the plurality of cloud providers to identify a first pricing profile, the first pricing profile associated with the first Cloud provider. Upon identifying the first pricing profile, accessing a second network application programming interface exposed by a second cloud provider of the plurality of cloud providers to identify a second pricing profile, the second pricing profile associated with the second Cloud provider. A load balancing decision is determined comparing the identified first pricing profile with the identified second pricing profile. Next, the determined load balancing decision is executed on a monitored computing-traffic.

Abstract: Methods, non-transitory computer readable media, session director apparatuses, and network traffic management systems that facilitate packet data network (PDN) service slicing with microsegmentation in an evolved packet core are disclosed. With this technology, a create session request (CSR) general packet radio service (GPRS) tunneling protocol (GTP) control (GTP-c) message is intercepted. A lookup key is then determined based on content of the intercepted CSR GTP-c message. A PDN gateway (PGW) identifier for a PGW is obtained using a slice name obtained using the lookup key. The intercepted CSR GTP-c message is modified to include the obtained PGW identifier. Subsequently, the modified CSR GTP-c message is steered based on the obtained PGW identifier, such as directly to the PGW or to a serving gateway (SGW) module associated with the PGW.

Abstract: Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persiste

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receives a client access request to access content at one or more server devices. Fingerprint attributes associated with the client device are collected and utilized to identify potential fingerprints. Potential fingerprints are identified based on the collected fingerprint attributes. Previously validated fingerprints stored in a database are utilized to determine when the one of the potential fingerprints matches with one of a previously validated fingerprints stored in the database. The client device is authorized to access content requested in the client access request when the determination indicates that the one of the potential fingerprints matches with one of the plurality of previously validated fingerprints stored in the database.

Abstract: A method, non-transitory computer readable medium, and device includes monitoring a session layer and transport layer network traffic data received from a plurality of client computing devices and plurality of servers. A plurality of network traffic anomaly threshold values and a plurality of server health anomaly threshold values for the monitored session layer and the transport layer network traffic data are estimated. Whether a plurality of current network traffic anomaly values and a plurality of current server health anomaly values for the monitored network traffic data exceeds each of the corresponding estimated plurality of network traffic anomaly threshold values and the estimated plurality of server health anomaly threshold values, and whether the current plurality of network traffic anomaly values and the current plurality of server health anomaly values are not a false anomaly is determined. A mitigation action is initiated based on the determination.

Abstract: A method, non-transitory computer readable medium, and device that assists with SSL protected NTLM reauthentication includes receiving a connection reset message from a web application server. The received connection reset message is forwarded to the client computing device. A recent request including connection data to access a web application is received on a new connection as a response to the forwarded connection reset message from the client computing device. Next, it is determined whether the received recent request to access the web application including the connection data is identical to a stored connection data. The client computing device is re-authenticated and granted access to the requested web application to when the connection data is determined to be identical to the stored connection data.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that send a server response to a client request from a requesting client device to a service chaining device. A modified server response from the service chaining device is received based on a correlation of the server response to one or more service policies. A determination is made on whether the modified server response requires additional processing by one or more additional service chaining devices based on the modified server response. The processed server response is received from the one or more additional service chaining devices when the determination indicated processing was required. The processed server response is transmitted to the requesting client device.

Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists managing security tokens based on security violations includes monitoring network traffic data between a client and a web application server. Next, the monitored network traffic data is determined for at least one security violation. One or more access tokens associated with the client is modified when the at least one security violation is detected in the monitored network traffic data. The client is restricted from accessing one or more web applications based on the modified one or more access tokens.

Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists secured SCEP enrollment of client devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain an assigned Internet Protocol (IP) address from a DHCP server in response to an address request received from a client. One of a plurality of processing cores, on which a traffic management process is executing, is identified. The assigned IP address is modified based on the identified processing core. The modified IP address is sent to the client in response to the received address request. With this technology, connections associated with a same subscriber can advantageously be disaggregated to the same traffic management process.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a request from a client to log into an application hosted by an application server. A determination is made when the client is authenticated in response to the request. Attribute(s) are extracted from the request, when the determining indicates that the client is authenticated. A first password is generated for the client. A record for the client stored at a global catalog server is identified based on the extracted attributes and the generated first password is injected into the identified record. Credential(s) including at least the generated first password are sent to the application hosted by the application server.

Abstract: Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with a the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.

Abstract: Embodiments are directed towards managing communication over a network with a traffic management computer (TMC). If a network protocol associated with a network traffic is unknown, additional actions may be performed. Constant value recognition actions may be selected for one or more complex protocols. The one or more complex protocols may be the Teredo protocol, or another tunneling protocol. If constant value recognition conditions may be satisfied still further actions may be performed to determine the complex protocol. If a sufficient number of the action results are affirmative, one or more operations on the network traffic may be performed based on the complex protocol. And, the network traffic may be sent to a client or a server. Performing the operations on the network traffic may include providing an identity of another network protocol that may be encapsulated in the complex protocol.

Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with enhancing enforcement on compliance based on security violations includes obtaining security violation data associated with a plurality of enrolled mobile devices and identifying one or more of the plurality of enrolled mobile devices causing one or more security violations based on the obtained security violation data. One or more compliance policies are updated based on the obtained security violation data. A compliance check is performed on the identified one or more enrolled mobile devices causing the one or more security violations based on the updated one or more policies and initiating one or more compliance correction actions on the identified one or more enrolled mobile devices causing the one or more security violations.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that provide parameterized sub-policy evaluation for fine grain access control implemented by determining when there is a result for one of the plurality of sub-policies being evaluated for a received request for a resource during a session. The result for evaluation of the one of the plurality of sub-policies for the received request is used when the determination indicates the result is stored for the session. The one of the plurality of sub-policies is executed on the received request to obtain the result when the determination indicates the result is not stored for the session. The result for the one of the plurality of sub-policies from this execution is stored for the session.

Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.

Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.