Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.

Abstract: Example embodiments disclosed herein relate to actively modify execution at runtime of an application under test (AUT). The AUT is executed using a real-time modifier. A security test is performed on the AUT. Execution of the AUT is modified at a decision point.

Abstract: In some examples, a system includes a scan execution engine and a scan adaptation engine. The scan execution engine may execute a scan of a web application hosted on a web host. During scan execution, the scan adaptation engine may adapt a subsequent scan portion for later execution based on a scan metric received from a monitoring agent that monitors the web application, the web host, or both.

Abstract: A method for attack detection includes: intercepting, by a runtime security agent, a request for a web resource; determining whether the intercepted request was triggered from an external website; determining whether the intercepted request was triggered from a current session; determining whether the intercepted request is requesting a static file type; and in response to a determination that the intercepted request was triggered from an external website and was not triggered from a current session, or a determination that the intercepted request was triggered from an external website and is not requesting a static file type, providing, by the runtime security agent, an indication of a potential attack.

Abstract: Examples disclosed herein relate to modifying a web page. In one example, in response to beginning execution of a process initiating generation of a web page of a web application at a server, a runtime agent is executed. In this example, the runtime agent modifies code of the web page to inject code to protect output of the web page. In the example, the process can be executed using the modified code to generate a modified web page.

Abstract: Examples relate to protection against database injection attacks. The examples disclosed herein enable intercepting a current database query prior to being executed by a database management system (DBMS). The examples disclosed herein further enable determining whether the current database query is suspected of having a security threat of a database injection attack by comparing the current database query with past database queries that have been intercepted prior to the interception of the current database query, and in response to determining that the current database query is not suspected of having the security threat of the database injection attack, storing the current database query in an allowed query list.

Abstract: Example embodiments disclosed herein relate to modifying execution of an application under test to act as if a user is a power user. The application under test is hosted in a real-time modifier. A security crawl is performed on the application under test logged in as the user. The user is treated as a power user.

Abstract: The present invention relates to methods, systems and apparatus for capturing, integrating, organizing, navigating and querying large-scale data from high-throughput biological and chemical assay platforms. It provides a highly efficient meta-analysis infrastructure for performing research queries across a large number of studies and experiments from different biological and chemical assays, data types and organisms, as well as systems to build and add to such an infrastructure. According to various embodiments, methods, systems and interfaces for identifying genes that are potentially associated with a biological, chemical or medical concept of interest.

Abstract: Example embodiments disclosed herein relate to determining a secure activity of an application under test (AUT). Execution of an application under test is monitored. During an attack vector, an application programming interface associated with a secure activity is determined. A message is sent to a security test that secure activity occurred.

Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based capable of being implemented using a runtime agent. Security information including line of code information associated with possible vulnerabilities are processed to determine vulnerability solution recommendations. A vulnerability solution recommendation is presented. The point-wise protection is generated based on a selection input for the vulnerability solution recommendation, where the point-wise protection is capable of being implemented using a runtime agent.

Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.

Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.

Abstract: Example embodiments disclosed herein relate to an approach for installing a runtime agent during a security test. A security test is initiated or performed on an application under test executing on a server. An application vulnerability associated with the application under test is determined. The application vulnerability is exploited to install the runtime agent on the server. The security test is continued using the runtime agent to receive additional information about the application under test.

Abstract: Example embodiments disclosed herein relate to generating a scanning strategy based on a dynamic taint module. A dynamic taint module associated with an application is caused to be initiated for a crawling phase of a security test. A report is received from the dynamic taint module. The dynamic taint module is restricted. The scanning strategy is based on the report.

Abstract: Example embodiments disclosed herein relate to real-time modification of an application under test (AUT). A security rest is performed on the AUT. A real-time modifier determines that a portion of a function to be executed by the AUT is unsafe. The real-time modifier modifies execution of the AUT to not execute the portion.

Abstract: Example embodiments disclosed herein relate to real-time modification of an application under test (AUT). A security rest is performed on the AUT. A real-time modifier determines that a portion of a function to be executed by the AUT is unsafe. The real-time modifier modifies execution of the AUT to not execute the portion.

Abstract: Example embodiments disclosed herein relate to actively modify execution at runtime of an application under test (AUT). The AUT is executed using a real-time modifier. A security test is performed on the AUT. Execution of the AUT is modified at a decision point.

Abstract: Example embodiments disclosed herein relate to generating a scanning strategy based on a dynamic taint module. A dynamic taint module associated with an application is caused to be initiated for a crawling phase of a security test. A report is received from the dynamic taint module. The dynamic taint module is restricted. The scanning strategy is based on the report.

Abstract: Example embodiments disclosed herein relate to modifying execution of an application under test to act as if a user is a power user. The application under test is hosted in a real-time modifier. A security crawl is performed on the application under test logged in as the user. The user is treated as a power user.

Abstract: A deferred shading graphics pipeline processor and method are provided encompassing numerous substructures. Embodiments of the processor and method may include one or more of deferred shading, a tiled frame buffer, and multiple?stage hidden surface removal processing. In the deferred shading graphics pipeline, hidden surface removal is completed before pixel coloring is done. The pipeline processor comprises a command fetch and decode unit, a geometry unit, a mode extraction unit, a sort unit, a setup unit, a cull unit, a mode injection unit, a fragment unit, a texture unit, a Phong lighting unit, a pixel unit, and a backend unit.