Abstract: A method of monitoring and protecting access to an online service from an Account Take Over attack may include: providing a Traffic Inspector in signal communication with at least one client device for Internet browsing and with a web server having the online service residing therein; providing a Traffic Analyzer in signal communication with the Traffic Inspector; identifying, by the Traffic Inspector, each browsing session of the at least one client device on the online service; extracting and identifying, by the Traffic Analyzer, one or more usernames when a user performs authentication to the online service, analyzing traffic exchanged between the at least one client device and the web server; and collecting, by the Traffic Inspector, first characteristic data concerning unique and/or non-unique technical parameters and associating, by the Traffic Analyzer, the first characteristic data with respective identified one or more usernames.

Abstract: The present description relates to a method for predicting the identity of a user associated to an anonymous browsing session on an online service, comprising the steps of: providing a traffic inspector in signal communication with at least one client device for internet browsing and with a web server having an online service residing therein; providing a traffic analyzer in signal communication with the traffic inspector; identifying each browsing session of the client device on the online service; analyzing the traffic exchanged between the client device and the web server to extract and identify at least one username when a user performs authentication to the online service; collecting first characteristic data concerning unique and/or non-unique technical parameters and associating them with a respective identified username; storing the first characteristic data associated with each identified username in a database; identifying each anonymous browsing session of the client device on the online service; c

Abstract: Method for confirming the identity of a user in a browsing session of an online service, comprising the steps of: a) providing a web server in which an online service resides, in communication with a client device provided with a user interface; b) providing a database associated with the web server in which a plurality of data relating to one or more users registered to the online service are stored; c) providing a script residing in the client device; d) identifying via script each browsing session on the online service and associating it with a user registered to the online service when the latter performs authentication; e) collecting via script biometric data generated by said at least one user interface and associating them with the user when authenticated; f) generating via script machine learning templates as a result of processing the biometric data; g) storing the biometric data and the machine learning templates locally in the client device; h) generating a score associated with the user as a resul

Abstract: A method of monitoring and protecting access to an online service from Account Take Over comprising the steps of: identifying each browsing session of a client device on the online service; analyzing the traffic exchanged between the client device and the web server by the online service to extract and identify at least one username when a user performs authentication to the online service; collecting first characteristic data concerning unique and/or non-unique technical parameters and associating it with a respective identified username and with the client device; storing the first characteristic data; identifying each anonymous application browsing session of the client device on the online service and each anonymous web beacon generated in a respective anonymous virtual session of the client device on the online service; collecting second characteristic data concerning unique and/or non-unique technical parameters, and associating it with the anonymous application browsing session or with the anonymous we

Abstract: The present disclosure relates to a method for tracing malicious endpoints in direct communication with an application back end using TLS fingerprinting techniques, comprising the steps of: providing a reverse proxy configured to intercept the traffic exchanged between a client and an application back end; providing a processing unit in which a default algorithm resides and placed in signal communication with the reverse proxy; intercepting by means of the reverse proxy each TLS Client HELLO directed to the application back end and generating a TLS Client HELLO hash by means of the default algorithm; intercepting and processing by means of the reverse proxy each HTTP request generated by the client and directed to the application back end to extract the Client User Agent from the intercepted HTTP request; processing the Client User Agent by means of the default algorithm to generate a Client User Agent hash; processing by means of the default algorithm the TLS Client HELLO hash and the Client User Agent hash

Abstract: The present description relates to a method of monitoring and protecting access to an online service from account take over, comprising the steps of: providing a traffic inspector (1) in signal communication with at least one client device (2) and with a web server (4) having an online service residing therein; providing a traffic analyzer (5) in signal communication with the traffic inspector (1); identifying each browsing session of the client device (2) on the online service; analyzing the traffic exchanged between the client device (2) and the web server (4) to extract and identify at least one username when a user performs authentication to the online service; collecting first characteristic data concerning unique and/or non-unique technical parameters and associating them with a respective identified username; identifying each anonymous web beacon generated by the client device (2) on the online service, the web beacon being indicative of the fact that the client device (2) has started a fraudulent brow

Abstract: The present description relates to a method of monitoring and protecting access to an online service from account take over, comprising the steps of: providing a traffic inspector (1) in signal communication with at least one client device (2) for internet browsing and with a web server (4) having an online service residing therein; providing a traffic analyzer (5) in signal communication with the traffic inspector (1); identifying each browsing session of the client device (2) on the online service; analyzing the traffic exchanged between the client device (2) and the web server (4) to extract and identify at least one username when a user performs authentication to the online service; collecting first characteristic data concerning unique and/or non-unique technical parameters and associating them with a respective identified username; storing the first characteristic data associated with each identified username in a database (6); identifying each anonymous browsing session of the client device (2) on the

Abstract: The present description relates to a method of monitoring and protecting access to an online service from account take over, comprising the steps of: providing a traffic inspector (1) in signal communication with at least one client device (2) for internet browsing and with a web server (4) having an online service residing therein; identifying each browsing session of the client device (2) on the online service; analyzing the traffic exchanged between the client device (2) and the web server (4) to extract and identify at least one username when a user performs authentication to the online service; collecting first characteristic data concerning unique and/or non-unique technical parameters and associating them with a respective identified username; identifying each anonymous application session and each anonymous virtual session of the client device (2) on the online service; for each anonymous application session identified in the previous step, identifying an anonymous browsing session of the client devic

Abstract: A system for identifying Internet attacks may include: a Web server having a Web application residing therein; a Traffic inspector; and a Traffic Analyzer. The Traffic Inspector may add an agent code portion to DOM server code received from the Web server to thereby generate DOM client code, and may send the DOM client code to a Web browser residing in at least one client computer. The Web browser may automatically generate DOM rendered code. The agent code portion may automatically instruct the Web browser to send the DOM rendered code to the Traffic inspector. The Traffic Inspector may send at least the DOM client code and the DOM rendered code to the Traffic Analyzer. An algorithm application residing in the Traffic Analyzer may process the DOM rendered code and to compare the processed DOM rendered code with the DOM client code to identify at least one code difference.

Abstract: The present disclosure relates to a method of identifying and counteracting Internet attacks, of Man-in-the-Browser and/or Man-in-the-Middle and/or Bot attack types, comprising the steps of: generating a request by a Web browser, concerning a Web application residing in a Web server; sending the request by the Web browser to a box server, which is in signal communication with the Web server; receiving a server DOM code by the box server, which code has been automatically generated by the Web server according to the request; sending a service page code by the box server to the Web browser, in response to the request, the service page code comprising an obfuscated and polymorphic javascript code and/or HTML code; receiving and processing the javascript code and/or HTML code, by the Web browser, to automatically generate an asynchronous request, such that environment data of the Web server may be transmitted to the box server; processing the environment data by the box server, to identify Internet attacks; perfo

Abstract: The present disclosure relates to a system (1) and a method that employs such system (1) to detect and counteract Internet attacks of Man-in-the-Browser and/or Man-in-the-Middle type. The system (1) comprises a Traffic Inspector (2) in signal communication with a client computer (3) having a Web browser (4) residing therein for Internet browsing and with a Web server (5) having a Web application (6) residing therein. The Traffic Inspector (2) is configured to receive a request associated with the Web application (6) from the Web browser (4) and to send it to the Web browser (5), the Traffic Inspector (2) is configured to receive a DOM server code associated with the request from the Web server (5).

Abstract: The present disclosure relates to a method of identifying and counteracting Internet attacks, of Man-in-the-Browser and/or Man-in-the-Middle and/or Bot attack types, comprising the steps of: generating a request by a Web browser, concerning a Web application residing in a Web server; sending the request by the Web browser to a box server, which is in signal communication with the Web server; receiving a server DOM code by the box server, which code has been automatically generated by the Web server according to the request; sending a service page code by the box server to the Web browser, in response to the request, the service page code comprising an obfuscated and polymorphic javascript code and/or HTML code; receiving and processing the javascript code and/or HTML code, by the Web browser, to automatically generate an asynchronous request, such that environment data of the Web server may be transmitted to the box server; processing the environment data by the box server, to identify Internet attacks; perfo

Abstract: The present disclosure relates to a method of identifying and counteracting Internet attacks, of Man-in-the-Browser and/or Man-in-the-Middle and/or Bot attack types, comprising the steps of: generating a request by a Web browser, concerning a Web application residing in a Web server; sending the request by the Web browser to a box server, which is in signal communication with the Web server; receiving a server DOM code by the box server, which code has been automatically generated by the Web server according to the request; sending a service page code by the box server to the Web browser, in response to the request, the service page code comprising an obfuscated and polymorphic javascript code and/or HTML code; receiving and processing the javascript code and/or HTML code, by the Web browser, to automatically generate an asynchronous request, such that environment data of the Web server may be transmitted to the box server; processing the environment data by the box server, to identify Internet attacks; perfo

Abstract: A system and a method that employs such system to detect and counteract Internet attacks of Man-in-the-Browser and/or Man-in-the-Middle type are disclosed. The system comprises a Traffic Inspector in signal communication with a client computer having a Web browser residing therein for Internet browsing and with a Web server having a Web application residing therein. The Traffic Inspector is configured to receive a request associated with the Web application from the Web browser and to send it to the Web browser, the Traffic Inspector is configured to receive a DOM server code associated with the request from the Web server.