Dynamically encrypted URLs (combined with cryptographically protected HTML forms) prevent anyone
from sending illegal requests or malicious user data to the application server. Absolutely no internal
information about the Web application is revealed to potential attackers. Attackers cannot see the
request details or the URL parameters because they are encrypted.
Dynamic white-listing with URL encryption = positive security model
→ no need for iterative re-learning!
URL encryption is transparent and requires no changes to the application. There is no learning phase necessary for the URL encryption and Smart Form protection engine to instantly protect a Web application. The configuration is very simple: At least one entry URL must be defined (see configuration below). All further links and documents accessible from that entry page are then automatically protected.
Step-by-step example:
1. The user requests the web application's entry page, e.g. https://www.myapp.demo
2. The web application returns an HTML document containing many links that lead to further pages of the same web application.
3. Airlock processes the document and encrypts all URLs, i.e. the path, file name and all parameters of a URL are cryptographically protected against tampering.
4. Beyond the entry page, all further requests must have encrypted URLs. Manipulated or unencrypted URLs are blocked.
5. Correct requests are decrypted and the original plain text URL is sent to the web application.
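The rewrite, validate and decrypt steps above can be modelled in a few lines. This is an added sketch, not Airlock's implementation: the /enc/ prefix, the function names and the sample keys are assumptions, and the HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import base64, hashlib, hmac, os, re

ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)  # demo keys, constructed per run
ENTRY_URLS = {"/"}   # configured entry URL(s): the only plain-text URLs accepted
PREFIX = "/enc/"     # hypothetical marker for protected URLs

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode; stand-in for an AEAD, for illustration only
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _mac(data):
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()

def protect(url):
    """Encrypt path, file name and parameters, then authenticate the result."""
    nonce = os.urandom(12)
    pt = url.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(nonce, len(pt))))
    return PREFIX + base64.urlsafe_b64encode(nonce + ct + _mac(nonce + ct)).decode()

def rewrite_links(html):
    """Replace every same-application href in a response with its protected form."""
    return re.sub(r'href="(/[^"]*)"', lambda m: 'href="%s"' % protect(m.group(1)), html)

def handle_request(url):
    """Return the plain-text URL to forward to the back end, or None to block."""
    if url in ENTRY_URLS:
        return url
    if not url.startswith(PREFIX):
        return None                      # unencrypted URL beyond the entry page
    try:
        raw = base64.urlsafe_b64decode(url[len(PREFIX):])
    except ValueError:
        return None                      # not a well-formed token
    if len(raw) < 12 + 32:
        return None
    nonce, ct, tag = raw[:12], raw[12:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(nonce + ct)):
        return None                      # manipulated URL
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()
```

Because only tokens issued by the proxy pass the integrity check, the set of acceptable requests is exactly the set of links the application itself handed out, which is what makes the model a dynamic white-list.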
There is a separate article that explains how to use URL encryption.