Abstract: Preserving web page functionality through dynamic analysis of host web pages. Web pages accessed by a user device may be monitored. The web browser may apply a blocking policy that blocks an external domain from loading functional content into the web page, which results in a breakage in the web page. The breakage in the web page may be identified through a dynamic analysis of the web page and correlated with the functional content from the blocked external domain. Once identified and correlated, the blocking policy may be modified to allow the external domain to load the functional content and reloading the web page.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: The disclosed computer-implemented method for utilizing user profile data to protect against phishing attacks may include (i) detecting a target user profile associated services accessed by a network-based application, (ii) determining identifiers associated with each of the services, (iii) extracting, for each of the identifiers, feature vectors describing exploitable screen elements in the network-based application associated with phishing attacks, (iv) updating, based on the feature vectors, previously extracted feature vectors in a data repository storing additional profiles for other users associated with the services, (v) predicting, utilizing a machine-learning model, phishing attack threats for target profile user based on a similarity with the additional profiles, and (vi) performing a security action that protects against the phishing attack threats. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for identifying and removing a tracking capability from an external domain that performs a tracking activity on a host web page. Tracking capabilities of an external domain may be removed by altering web requests and/or responses to API calls. Once these tracking capabilities of the external domain have been removed, the altered web requests and/or altered responses to API calls may be transmitted to a web browser and/or entity making the API call thereby protecting user privacy while allowing the external domain to interact with the host web page.

Abstract: Protecting against a tracking parameter in a web link. In one embodiment, a method may include receiving an input URL during a browser navigation session on a user device, the input URL including parameters, determining that the parameters include a tracking parameter, pausing the browser navigation session on the user device, launching the input URL in a headless browser that operates in an isolated environment that simulates one or more features of the user device, landing on a destination web page in the isolated environment, identifying a URL of the destination web page as a destination URL, and resuming the browser navigation session on the user device by replacing the input URL, which includes the tracking parameter, with the destination URL, which does not include the tracking parameter, in order to protect the user device from the tracking parameter.

Abstract: Identifying and removing a tracking capability from an external domain that performs a tracking activity on a host web page. Tracking capabilities of an external domain may be removed by altering web requests and/or responses to API calls. Once these tracking capabilities of the external domain have been removed, the altered web requests and/or altered responses to API calls may be transmitted to a web browser and/or entity making the API call thereby protecting user privacy while allowing the external domain to interact with the host web page.

Abstract: The disclosed computer-implemented method for providing web tracking transparency to protect user data privacy may include (i) receiving a browser request for target websites during a browsing session, (ii) identifying a tracking type for website trackers utilized by the target websites, the tracking type including a direct tracking type or a tracking sharing type, (iii) extracting an information category for the target websites, (iv) detecting text patterns shared between the target websites in a common information category, (v) determining information collected about a user by the website trackers by combining the tracking type for the website trackers, the information category for the target websites, and the detected text patterns, and (v) performing a security action that protects against unsolicited website tracking in future browsing sessions by providing the information collected by the website trackers to the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Uniform Resource Locator (URL) transformation and redirection with access control. A method may include registering for an account with a secure redirection application; requesting, from the secure redirection application, a unique site identifier for an online entity; receiving, from the secure redirection application, the unique site identifier; submitting user data and the received unique site identifier to the online entity; receiving, from the online entity, a unique URL generated by the secure redirection application, in response to submitting the user data and the received unique site identifier to the online entity; and actuating the unique URL to be directed to the online entity.

Abstract: Thwarting data leakage from a webpage. In some embodiments, a method may include detecting, at a browser on the network device, a visit to the webpage, directing a headless browser on the network device to visit the webpage in parallel to the browser visiting the webpage, detecting, at the headless browser, data leakage from the webpage, presenting, at the browser, a notification regarding the data leakage that allows a user to indicate whether the data leakage should be allowed, receiving, at the browser, an indication that the data leakage should not be allowed, and in response to receiving the indication that the data leakage should not be allowed, thwarting the data leakage by performing a remedial action at the network device to protect the network device from the data leakage.

Abstract: Thwarting an impersonation attack using online decoy text. In one embodiment, a method may include intercepting first actual text submitted online by a first user, generating decoy text to replace the first actual text, sending the decoy text for posting online, training a machine learning model using the decoy text to make the machine learning model capable of recognizing a decoy language pattern in the decoy text, intercepting second actual text submitted to a web server by a second user purporting to be the first user, determining, using the machine learning model, that a language pattern in the second actual text matches the decoy language pattern in the decoy text, and, in response, determining that the second user is impersonating the first user in an impersonation attack and thwarting the impersonation attack by performing a remedial action at the web server to protect the web server from the impersonation attack.

Abstract: Securing a network device from a malicious embedded script hosted on a third-party domain. In one embodiment, a method may include detecting an attempt by a browser executing on a network device to load a webpage that embeds a reference to a script hosted on a third-party domain, compiling a list of domains that host webpages that embed references to the script hosted on the third-party domain, identifying reputation scores for the domains in the list of domains, generating a risk score for the script based on the identified reputation scores, determining that the script is malicious based on the generated risk score being above a threshold risk score, and, in response to determining that the script is malicious, performing a security action on the network device that secures the network device from the malicious script.