Abstract: A security gateway receives messages, such as URL requests, rejected by a message filter based on a set of rules. The security gateway maintains frequencies with which the messages were rejected by the rules. The security gateway finds rejected messages having a high frequency of occurrence. Since messages having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow similar messages to pass through the gateway.

Abstract: An efficient method for parsing HTML pages identifies pages containing a mix of static and dynamic content. The pages are parsed to form abstract syntax trees (ASTs), which are then cached along with the pages. When a later version of a page is retrieved, it is compared against the cached version, and only those portions of the AST that contain different content are reparsed.

Abstract: A security gateway receives messages, such as URL requests, rejected by a message filter based on a set of rules. The security gateway maintains frequencies with which the messages were rejected by the rules. The security gateway finds rejected messages having a high frequency of occurrence. Since messages having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow similar messages to pass through the gateway.

Abstract: A security gateway receives messages rejected by a message filter based on a set of rules. The security gateway also receives attributes of the rejected messages that triggered the rules. The security gateway maintains frequencies with which the messages with a particular attribute were rejected by the rules. The security gateway finds rejected messages or attributes having a high frequency of occurrence. Since messages or attributes having a high frequency of occurrences are more likely to represent legitimate requests rather than malicious attacks, the security gateway generates exception rules, which would allow messages that have similar attributes to pass through the gateway.

Abstract: A method of a device for filtering messages routing across a network includes extracting, by a filter configured on the device, a plurality of message components from messages received via a network. The plurality of message components is identified as having at least a field name in common, including a first field name. A learning engine configured on the device creates a list of data types for values of the first field name. The list includes one or more data types of a value of the first field name identified for each of the plurality of message components. The learning engine determines a most restrictive data type from the list of data types for the values of the first field name of the plurality of message components.

Abstract: A security gateway receives messages and extracts components thereof, typically in the form of field name-value pairs. The security gateway determines a data type of the values for individual field names to infer the most restrictive data type of the values for that field. The security gateway may then generates rules, which would block messages that do not have values that match the most restrictive data type. Since the most restrictive data type defines a data type of values for the field as narrowly as possible, the generated rules will make it more difficult for an intruder to guess a valid data type of a value. Since messages that have values that do not match the most restrictive data type are likely to represent malicious attacks, the more narrowly the data type of values is defined, the greater the number of illegitimate messages that will be blocked.

Abstract: The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.

Abstract: A security gateway receives messages transmitted between a server and a client device on a network and parses the messages into a plurality of data objects, such as strings and name-value pairs. The data objects may represent user personal identification information, such as user name, social security number, credit card number, patient code, driver's license number, and other personal identification information. The security gateway uses rules to recognize data objects and validate the data objects to determine whether the recognized data objects are appropriately included within the context. The security gateway may also perform an action on the data objects. Data objects that are not appropriately included in the context may be transformed, suppressed or disallowed.

Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.

Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.

Abstract: A computer thread utilizes an auxiliary stack resource to execute program code function calls requiring substantial stack memory resources. In a wrapper embodiment, portions of the program code having function calls requiring substantial stack resources are wrapped in a wrapper that calls an auxiliary stack resource for executing the function call and returns the auxiliary stack resource when the function call is completed. In one embodiment, the stack memory allocated to the thread is selected to accommodate a first class of function calls requiring comparatively low amounts of stack memory and the auxiliary stack resource is called to accommodate the requirements of a second class of function calls requiring comparatively large amounts of stack memory. The allocation of stack memory according to the requirements of function calls allows for multiple computing tasks, such as those carried out by Internet websites and services, to be carried out more efficiently.

Abstract: The invention is a method for debugging a machine code of a program that has been subjected to an optimizing action, wherein the machine code may have been reordered, duplicated, eliminated or transformed so as not to correspond with the program's source code order. The method derives a table which associates each machine code instruction with a source construct for which it was generated. The user sets a breakpoint at a breakpoint P in the source code where execution is to stop. Then the method determines at least one corresponding location for the breakpoint in the machine code through use of the table, and executes, by native execution or emulation, only machine code instructions which correspond to source constructs that precede the breakpoint in the source code order.