Patents by Inventor Ron Talmor

Ron Talmor has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240146759
    Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.
    Type: Application
    Filed: December 21, 2023
    Publication date: May 2, 2024
    Inventors: Ron TALMOR, Ido BERGER, Barak AMAR, Guy NIR
  • Patent number: 11895138
    Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: February 6, 2024
    Assignee: F5, Inc.
    Inventors: Ron Talmor, Ido Breger, Barak Amar, Guy Nir
  • Patent number: 11757946
    Abstract: A method, non-transitory computer readable medium, and device for analyzing network traffic and enforcing network policies includes analyzing network traffic data based on one or more network traffic rules. An attack on the network such as a current or predicted attack is determined based on the analysis. Next, one or more policy changes to a plurality of existing network policies are identified when the current or predicted attack on the network is determined to be present. The identified one or more policy changes are enforced on one or more client computing devices causing the determined current or the predicted attack on the network.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: September 12, 2023
    Assignee: F5, Inc.
    Inventors: Yaniv Shemesh, Ron Talmor, Ranjeet Sonone
  • Patent number: 11140178
    Abstract: A method and system for collecting information on responses and their interpretation on a client device that requests access to a server. A request to access the server is received. If there was a response by the server for this request, then the response is being intercepted and is being injected with a client side language script to be executed by the requesting client side device. Information is collected at the server side from the execution of the injected client side language script by the client device.
    Type: Grant
    Filed: September 16, 2010
    Date of Patent: October 5, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Ron Talmor
  • Patent number: 11122067
    Abstract: Methods, non-transitory computer readable media, anomaly detection apparatuses, and network traffic management systems that generate, based on the application of one or more models and for a first flow associated with a received first set of network traffic, one or more likelihood scores and at least one flow score based on the likelihood scores. One or more of the one or more models are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed. A determination is made when the flow score exceeds a threshold. A mitigation action is initiated, based on a stored policy, with respect to the first set of network traffic, when the determining indicates that the flow score exceeds the established threshold.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: September 14, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Shlomo Yona, Ron Talmor, Itsik Mantin, Yaniv Shemesh
  • Patent number: 11108815
    Abstract: Identifying potential network attacks on servers and protecting the servers from those potential attacks until the associated client requests can be confirmed as either legitimate or an actual attack is disclosed. Client requests for server resources are received by a network traffic management device (NTMD). The NTMD initially responds to the client requests on behalf of the associated servers. The initial responses include client side language scripts for execution by the clients. Executing the scripts causes the clients to resend their initial requests identified as a potential attack by the NTMD along with information indicating the client's legitimacy, such as the result of a computational JavaScript challenge. The NTMD receives the resent initial request, determines it was sent from a legitimate requestor and is therefore not an attack, and forwards it to the associated server.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: August 31, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Ron Talmor, Nir Shahaf, Orna Zackaria
  • Patent number: 10931691
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain a dictionary comprising a plurality of credentials and populate a probabilistic data structure based on the dictionary. A login request is received from a client and one or more credentials are extracted from the received login request. A determination of when the probabilistic data structure indicates that the extracted credentials are included in the dictionary is made. A mitigation action is initiated with respect to the client, when the determination indicates that the probabilistic data structure indicates that the extracted credentials are included in the dictionary. This technology more efficiently and effectively detects and mitigates brute force credential stuffing attacks advantageously using a reduced amount of resources.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: February 23, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Michael Kapelevich, Tomer Zait, Maxim Zavodchik, Ron Talmor
  • Patent number: 10834110
    Abstract: A method, non-transitory computer readable medium, and device includes monitoring a session layer and transport layer network traffic data received from a plurality of client computing devices and plurality of servers. A plurality of network traffic anomaly threshold values and a plurality of server health anomaly threshold values for the monitored session layer and the transport layer network traffic data are estimated. Whether a plurality of current network traffic anomaly values and a plurality of current server health anomaly values for the monitored network traffic data exceeds each of the corresponding estimated plurality of network traffic anomaly threshold values and the estimated plurality of server health anomaly threshold values, and whether the current plurality of network traffic anomaly values and the current plurality of server health anomaly values are not a false anomaly is determined. A mitigation action is initiated based on the determination.
    Type: Grant
    Filed: December 18, 2016
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Sergei Edelstein, Michael Kapelevich, Shlomo Yona, Ron Talmor
  • Patent number: 10721269
    Abstract: Client requests for server resources are received by a network traffic management device (NTMD). The NTMD initially responds to the client requests on behalf of the associated servers. The initial responses include client side language scripts for execution by the clients. Executing the scripts causes the clients to resend their initial requests identified as a potential attack by the NTMD along with information indicating the client's legitimacy, such as the result of a computational JavaScript challenge. The NTMD receives the resent initial request, determines it was sent from a legitimate requestor and is therefore not an attack, and forwards it to the associated server.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: July 21, 2020
    Assignee: F5 NETWORKS, INC.
    Inventors: Ron Talmor, Nir Shahaf, Orna Zackaria
  • Publication number: 20190364067
    Abstract: Methods, non-transitory computer readable media, anomaly detection apparatuses, and network traffic management systems that generate, based on the application of one or more models and for a first flow associated with a received first set of network traffic, one or more likelihood scores and at least one flow score based on the likelihood scores. One or more of the one or more models are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed. A determination is made when the flow score exceeds a threshold. A mitigation action is initiated, based on a stored policy, with respect to the first set of network traffic, when the determining indicates that the flow score exceeds the established threshold.
    Type: Application
    Filed: August 7, 2019
    Publication date: November 28, 2019
    Inventors: Shlomo Yona, Ron Talmor, Itsik Mantin, Yaniv Shemesh
  • Patent number: 10454768
    Abstract: Embodiments are directed towards using policy rules that may be extended by scripting operative on a traffic management device. Each policy rule may have a condition and a corresponding action. If the condition is a script, a script engine separate from the policy engine may be employed to execute the script to determine if the condition is met. Otherwise, the policy engine may determine if the condition is met based on declarative expressions that comprise the condition. If the condition is met the action corresponding to the policy rule may be executed. Scripts may be used to compute the values of operands that may be used in one or more of the expressions that comprise a condition for a policy rule. Also, the action corresponding to a policy rule may be implemented using a script that is executed by a script engine.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: October 22, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Gennady Dosovitsky, Ron Talmor, Jeroen de Borst, David A. Hansen
  • Patent number: 10432652
    Abstract: Methods, non-transitory computer readable media, anomaly detection apparatuses, and network traffic management systems that generate, based on the application of one or more models and for a first flow associated with a received first set of network traffic, one or more likelihood scores and at least one flow score based on the likelihood scores. One or more of the one or more models are associated with one or more browsing patterns for a web application to which the first set of network traffic is directed. A determination is made when the flow score exceeds a threshold. A mitigation action is initiated, based on a stored policy, with respect to the first set of network traffic, when the determining indicates that the flow score exceeds the established threshold.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: October 1, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Ron Talmor, Itsik Mantin, Yaniv Shemesh
  • Patent number: 10320784
    Abstract: Methods, non-transitory computer readable media, and security management computing devices are disclosed herein. With this technology, an executable code is sent to a client. The executable code is configured to obtain information associated with the client, assemble the information into a fingerprint, and return the fingerprint. A determination is made when the fingerprint is returned from the client. When the determining indicates that the fingerprint has been returned, a determination is made when a record of a reputation database matches the fingerprint. Historical data in the record is updated to include information associated with the request and an action is initiated based on the historical data or other data included in the record. The action includes blocking an access request or providing access to a requested resource to the client, when the determining indicates that the record of the reputation database matches the fingerprint.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: June 11, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, Yaniv Shemesh
  • Publication number: 20180295151
    Abstract: Methods, non-transitory computer readable media, application security management apparatuses, and network traffic management systems that obtain a reputation score for a client. A server is selected based on the reputation score and a session is established with the server. Interaction(s) with an application hosted by the server are monitored. The reputation score for the client is updated based on the interaction(s). A remote fingerprint database and client-side scripts and cookies can be used to obtain reputation scores generated in different domain(s). With this technology, reputation scores are used to direct sessions for relatively benign clients and relatively malicious clients to different server devices so that if the relatively malicious clients conduct a successful attack, only a subset of the servers will be unavailable, and the relatively benign clients will still have access to application(s) hosted by another subset of servers unaffected by the attack.
    Type: Application
    Filed: April 11, 2017
    Publication date: October 11, 2018
    Inventors: Saxon Amdahl, Peter Finkelshtein, Maxim Zavodchik, Ron Talmor
  • Patent number: 9985976
    Abstract: A method, non-transitory computer readable medium, and device that identifies network traffic characteristics to correlate and manage one or more subsequent flows includes transmitting a monitoring request comprising one or more attributes extracted from an HTTP request received from a client computing device and a timestamp to a monitoring server to correlate one or more subsequent flows associated with the HTTP request. The HTTP request is transmitted to an application server after receiving an acknowledgement response to the monitoring request from the monitoring server. An HTTP response to the HTTP request is received from the application server. An operation with respect to the HTTP response is performed.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: May 29, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Dmitry Rovniaguin, Ephraim Dan, Ron Talmor
  • Patent number: 9906452
    Abstract: Embodiments are directed towards managing communication over a network assist application classification using predicted subscriber behavior. Subscriber information associated with a network flow may be determined. Prediction information that includes application identifiers may be generated based on the subscriber information. A classification engine may determine the applications associated with the network flow based on the prediction information and the network flow using a plurality of application classifiers that correspond to the applications. If an application identifier included in the prediction information is correspondent to an application classifier, the application may be determined based on the correspondent application classifier; otherwise the application is determined based on the remainder of the application classifiers. A policy for managing the network flow may be determined based on the determined application.
    Type: Grant
    Filed: May 29, 2014
    Date of Patent: February 27, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Gennady Dosovitsky, Dmitry Rovniaguin, Amir Harush, Ron Talmor, Dan Eliezer Karpati, Assaf Jacob Mendelson
  • Patent number: 9866489
    Abstract: Embodiments are directed towards managing communication over a network with a packet traffic management device that performs delayed proxy action. The PTMD includes a buffer for buffering network traffic. Also, the PTMD includes proxy data paths and standard data paths. Network policies associated with the network flows may be determined using the buffered data. If a determined network policy includes proxy policy rules it is a proxy network policy. Then the network flows are associated with a proxy data path. If the buffer is exhausted, the network flow is associated with a standard data path before a policy is determined. Otherwise, if the network policy includes only standard policy rules, the network flows are moved to a standard data path. After the network flow is associated with a data path, the network traffic may be communicated until it is closed or otherwise terminated.
    Type: Grant
    Filed: July 11, 2014
    Date of Patent: January 9, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Gennady Dosovitsky, Dmitry Rovniaguin, Sumandra Majee, Ron Talmor
  • Publication number: 20170034210
    Abstract: A system and method for preventing web scraping which includes receiving a request between a web client and a web server for the web client to receive web content. A client side language script is injected into a response to be sent to the requesting web client, wherein the client side language script contains an event listener to detect a keystroke and/or a mouse movement at the web client. Information is collected from the client side language script relating to whether the keystroke and/or the mouse movement were detected. The web client is selectively allowed to access the web server to receive the web content based on the collected information.
    Type: Application
    Filed: May 5, 2016
    Publication date: February 2, 2017
    Inventors: Ron Talmor, Shlomo Yona, Orit Margalit, Beni Serfaty
  • Patent number: 9553845
    Abstract: A method, non-transitory computer readable medium, and traffic management computing device that obtains one or more parameters for a packet. Firewall policies each corresponding to a logical firewall are applied to the parameters for the packet. A policy log for each of at least a subset of the firewall policies or a hit count for one or more of rules in an access list of each of the subset of the firewall policies is generated. The policy log includes an indication of one or more actions corresponding to at least one rule in the access list of each of the subset of the firewall policies, wherein the at least one rule matches one or more of the parameters of the packet. At least one of the generated policy log or hit counts for one or more of the at least a subset of the firewall policies is output.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 24, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, John N. Nugent, JC Ferguson
  • Patent number: 9420049
    Abstract: A system and method for preventing web scraping which includes receiving a request between a web client and a web server for the web client to receive web content. A client side language script is injected into a response to be sent to the requesting web client, wherein the client side language script contains an event listener to detect a keystroke and/or a mouse movement at the web client. Information is collected from the client side language script relating to whether the keystroke and/or the mouse movement were detected. The web client is selectively allowed to access the web server to receive the web content based on the collected information.
    Type: Grant
    Filed: June 30, 2010
    Date of Patent: August 16, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, Shlomo Yóna, Orit Margalit, Beni Serfaty