Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.

Abstract: Example embodiments relate to assessing dynamic security scans using runtime analysis and static code analysis. In example embodiments, a system performs static code analysis of a web application to identify reachable code and/or data entry points, where the data entry points are used to determine an attack surface size for the web application. At this stage, the system may initiate runtime monitoring for a dynamic security scan of the web application, where the runtime monitoring detects invocation of a statement at one of the data entry points. The invocation is logged as an invocation entry that comprises invocation parameters and/or code units that were executed in response to the invocation. The system may then determine an attack surface coverage of the dynamic security scan using the invocation entry and the attack surface size and/or a reachable code coverage using the invocation entry and the reachable code.

Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.

Abstract: Examples relate to detection of email-related vulnerabilities. The examples disclosed herein enable monitoring, at a runtime, application programming interface (API) calls made by a server-based application for the API calls related to at least one of a plurality of email protocols. A request to obtain a first set of data indicating a result of a vulnerability attack may be received from a vulnerability scanner. The examples disclosed herein enable identifying, at the runtime, an API call that has been made based on the vulnerability attack in response to receiving the request. The first set of data may be obtained, at the runtime, based on the API call. The examples disclosed herein further enable providing the first set of data to the vulnerability scanner to detect a vulnerability in the first set of data.

Abstract: Example embodiments disclosed herein relate to unused parameters. A request to a web page of an application under test is made. It is determined whether the web page includes one or more unused parameter fields. Another request to the web page of the application under test is made using one or more parameters corresponding to the unused parameter fields.

Abstract: Examples relate to detection of email-related vulnerabilities. The examples disclosed herein enable monitoring, at a runtime, application programming interface (API) calls made by a server-based application for the API calls related to at least one of a plurality of email protocols. A request to obtain a first set of data indicating a result of a vulnerability attack may be received from a vulnerability scanner. The examples disclosed herein enable identifying, at the runtime, an API call that has been made based on the vulnerability attack in response to receiving the request. The first set of data may be obtained, at the runtime, based on the API call. The examples disclosed herein further enable providing the first set of data to the vulnerability scanner to detect a vulnerability in the first set of data.

Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.

Abstract: Example embodiments disclosed herein relate to unused parameters. A request to a web page of an application under test is made. It is determined whether the web page includes one or more unused parameter fields. Another request to the web page of the application under test is made using one or more parameters corresponding to the unused parameter fields.

Abstract: Example embodiments relate to assessing dynamic security scans using runtime analysis and static code analysis. In example embodiments, a system performs static code analysis of a web application to identify reachable code and/or data entry points, where the data entry points are used to determine an attack surface size for the web application. At this stage, the system may initiate runtime monitoring for a dynamic security scan of the web application, where the runtime monitoring detects invocation of a statement at one of the data entry points. The invocation is logged as an invocation entry that comprises invocation parameters and/or code units that were executed in response to the invocation. The system may then determine an attack surface coverage of the dynamic security scan using the invocation entry and the attack surface size and/or a reachable code coverage using the invocation entry and the reachable code.