Abstract: Described herein are methods, apparatus and systems for selectively delivering content through one of two communication channels, one being origin to client and the other being from or through a CDN to client. Thus a client may choose to request content from a CDN and/or from an origin server. This disclosure sets forth techniques for, among other things, distinguishing between which channel to use for a given object, using the CDN-client channel to obtain the performance benefit of doing so, and reverting to the origin-client channel where content may be private, sensitive, corrupted, or otherwise considered to be unsuitable from delivery from and/or through the CDN.

Abstract: Described herein are, among other things, systems and methods for synchronizing cookies across different domains, and leveraging such systems and methods for content delivery. For example, two parties hosting content under different domain names from one another may desire to synchronize identification or ‘ID’ cookies that hold identifiers for a given client and/or end-user, so that one or both of the parties can map a given identifier from one domain to the identifier used in the other domain. Without limitation, some techniques described herein leverage one or more proxy servers that may be part of a distributed computing platform known as a content delivery network. Further, by way of example, some of the techniques for cookie synchronization can be leveraged to accelerate the delivery of content on a website with content from multiple domains.

Abstract: Described herein are systems, method and devices for modifying web pages to enhance their performance. In certain non-limiting embodiments, improved resource consolidation techniques are described, which are sometimes referred to herein as ‘progressive’ consolidation. Such techniques can be used to consolidate page resources in a way that allows a client browser or other application to process each of the consolidated resources after it arrives, even if all the client has not fully retrieved all of the consolidated resources yet. The teachings hereof can be used, for example, to modify a markup language document (HTML) to consolidate CSS, JavaScript, images, or other resources referenced therein.

Abstract: A computer-implemented method, system, and computer program product for detecting and monitoring server side state during the scanning of a web application. The method includes: monitoring executed code of the web application while scanning the web application; retrieving code coverage information from the monitoring of the executed code and retrieving scanning information from the scanning of the web application; correlating the code coverage information with the scanning information; and determining a change in the server side state based on the correlation. The system includes one or more devices that executes the steps of the method. The computer program products includes computer program instructions stored on a computer readable storage medium, where the instructions, when executed, will cause a computer to perform the steps of the methods.

Abstract: A system and method for automated security testing are disclosed. The disclosure provides for automated discovery of security vulnerabilities through the monitoring of activities that occur throughout the separate components of a computing platform during a testing session through a communications interface.

Abstract: Preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment comprises: embedding a nonce and a script in all responses from the server to the client, the script adapted for executing to add the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects might be embodied in the server or a proxy between the server and the client.

Abstract: A method, system, and computer program product for cross-domain access prevention are provided. The method includes detecting a request from a first domain to access a second domain, and applying cross-domain access heuristics to determine whether to allow the request. The cross-domain access heuristics define common ownership characteristics between the first domain and the second domain. The method further includes performing the requested access in response to determining that the request complies with at least one of the cross-domain access heuristics, and blocking the requested access in response to determining that the request fails to comply with the cross-domain access heuristics.

Abstract: Preventing Cross-Site Request Forgery security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value differs from the value previously sent. Server-side aspects might be embodied in the server or a proxy.

Abstract: A method for preventing malicious code being embedded within a scripting language of a web application accessed by a web browser (308), the method comprising: monitoring all incoming traffic (310), generated by the web browser, and outgoing traffic (326) generated by a server (318) to form monitored traffic; determining whether a unique element, defined in a configuration file, is matched with an input value of the monitored traffic to form a matched input value; responsive to a determination that the unique element is matched with an input value of the monitored traffic, saving the matched input value, determining whether an output contains the matched input value in an expected location; responsive to a determination that the output contains the matched input value in an expected location, encoding the matched input value using a respective definition from the configuration file; and returning the output (330) to the requester.

Abstract: Testing a computer software application by identifying a sink in the computer software application, identifying a source associated with the sink in the application, identifying an entry point associated with the source in the application, where the source is configured to receive input provided externally to the application via the entry point, determining a sink type represented by the sink, and providing to a testing application information identifying the entry point and in association with the sink type.

Abstract: A transformation tree for an object model (OM) is defined. The transformation tree has nodes interconnected by edges, where each node is connected to at most one other tree node. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. A transformation graph for the OM is constructed by simulating the transformation tree. The transformation graph has nodes interconnected by edges, and is a directed graph in which each node is connected to one or more other nodes. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. Crawling-oriented actions are performed in relation to the OM by being performed in relation to the transformation graph.

Abstract: A computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

Abstract: A crawler including a document retriever configured to retrieve a first computer-based document, a link identifier configured to identify an actual string within the computer-based document as being a hyperlink-type string, and a static analyzer configured to perform static analysis of an operation on a variable within the first computer-based document to identify a possible string value of the variable as being a hyperlink-type string, where any of the strings indicate a location of at least a second computer-based document.

Abstract: Preventing Cross-Site Request Forgery security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value differs from the value previously sent. Server-side aspects might be embodied in the server or a proxy.

Abstract: A computer implemented method, a data processing system, and a computer usable recordable-type medium having a computer usable program code monitor a black box web application security scan. A black box scan of a web application is initiated. The black box scan sends a test is sent to a plurality of web application inputs of the web application. A runtime analysis is performed on the black box scan of the web application. Based on the run time analysis of the black box scan, the black box scan is modified.

Abstract: A computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

Abstract: A system, method and computer program product for incremental static analysis, including a change impact analyzer for identifying a changed portion of a computer software (e.g.

Abstract: A method and system for modifying web pages, including dynamic web pages, based on automated analysis wherein web pages are transformed based on transformation instructions in nearly real-time, and wherein analysis is performed and transformation instructions based on the analysis are prepared prior to a request for the web page. The system has two primary components, an analyzer which asynchronously and repeatedly analyzes web pages creating and updating transformation instructions relating to the web pages, and a transformer which intercepts traffic to a web server in response to a request for the web page, receives the returned web pages, and transforms them based on stored transformation instructions.

Abstract: Preventing Cross-Site Request Forgery (CSRF) security attacks on a server in a client-server environment. In one aspect, this comprises embedding a nonce and a script in all responses from the server to the client wherein, when executed, the script adds the nonce to each request from the client to the server; sending the response with the nonce and the script to the client; and verifying that each request from the client includes the nonce sent by the server from the server to the client. The script preferably modifies all objects, including dynamically generated objects, in a server response that may generate future requests to the server to add the nonce to the requests. The server verifies the nonce value in a request and optionally confirms the request with the client if the value is not the same as the value previously sent by the server. Server-side aspects might be embodied in the server or a proxy between the server and the client.

Abstract: A computer-implemented method, system, and computer program product for detecting and monitoring server side state during the scanning of a web application. The method includes: monitoring executed code of the web application while scanning the web application; retrieving code coverage information from the monitoring of the executed code and retrieving scanning information from the scanning of the web application; correlating the code coverage information with the scanning information; and determining a change in the server side state based on the correlation. The system includes one or more devices that executes the steps of the method. The computer program products includes computer program instructions stored on a computer readable storage medium, where the instructions, when executed, will cause a computer to perform the steps of the methods.