Abstract: Predictive execution of query flows in an application aware database environment. A repository of previously received and registered database queries along with at least corresponding metadata having information about database query flows generating the database queries is maintained. Application metadata corresponding to a subsequent database query is received. The repository is checked to determine if the application metadata matches one of the previously received and registered database query flows. One or more queries corresponding to the query flow from the repository is/are retrieved if a match is determined. Execution of the retrieved one or more database queries is started prior to receiving the query from outside the repository.

Abstract: Application-aware database environments. A repository of previously received and registered database queries is maintained that includes at least corresponding metadata having information about an application generating the database queries. A subsequent database query and application metadata corresponding to the subsequent database query can be received. The repository to determine if the subsequent database query and application metadata match one of the previously received database queries and application metadata. A matching previously received database query is retrieved from the repository if a match is determined. The retrieved database query is executed.

Abstract: The system identifies a data transmission path between a source node and a destination node in a computer network during a communication session. The transmission path includes one or more intermediary nodes used to transmit data from the source node to the destination node. The system identifies if the identified transmission path is one of a plurality of trusted transmission paths stored in a trusted transmission path table. When the identified transmission path is not one of the plurality of trusted transmission paths, the system generates a notification, which may include an instruction to terminate the communication session, a list comprising at least one of the plurality of trusted transmission paths and an instruction to transmit data using the at least one of the plurality of trusted transmission paths in the list, or an instruction to alert a customer that the at least one transmission path is not trusted.

Abstract: A user interface automation framework is described. A system records multiple user interface screenshots during a session of a user interacting with a user interface application executing on a host computer. The system records metadata associated with the host computer during the session. The system executes a test of the user interface application based on the multiple user interface screenshots and the metadata.

Abstract: By hooking application programming interfaces in an execution environment, the return address for hooked application programming interface calls can be logged and used to determine when a packed binary has been unpacked. In one approach, memory allocations are detected and the return address is checked against the memory regions allocated. In another approach, the contents of memory at the return address in a pre-execution copy of the executable binary is compared with the contents of memory at the return address in the executing copy of the binary. This allows efficient detection of the completion of unpacking without knowledge of the unpacking technique. The unpacked binary may then be analyzed for possible malware.

Abstract: Systems and methods for detection of domain generated algorithms (DGA) and their command and control (C&C) servers are disclosed. In one embodiment, such an approach includes examining DNS queries for DNS resolution failures, and monitoring certain set of parameters such as number of levels, length of domain name, lexical complexity, and the like for each failed domain. These parameters may then be compared against certain thresholds to determine if the domain name is likely to be part of a DGA malware. Domain names identified as being part of a DGA malware may then be grouped together. Once a DGA domain name has been identified, activity from that domain name can be monitored to detect successful resolutions from the same source to see if any of the successful domain resolutions match these parameters. If they match specific thresholds, then the domain is determined to be a C&C server of the DGA malware and may be identified as such.

Abstract: Behavioral authentication is described. A mobile device records a first location of the mobile device. The mobile device records a second location of the mobile device. The mobile device determines whether a route from the first location to the second location matches an expected route. The mobile device generates an access-enabling token in response to a determination that the route from the first location to the second location matches the expected route. The mobile device enables access to an entity by a user of the mobile device based on the mobile device providing the access-enabling token to the entity.

Abstract: Systems and methods for detection of domain generated algorithms (DGA) and their command and control (C&C) servers are disclosed. In one embodiment, such an approach includes examining DNS queries for DNS resolution failures, and monitoring certain set of parameters such as number of levels, length of domain name, lexical complexity, and the like for each failed domain. These parameters may then be compared against certain thresholds to determine if the domain name is likely to be part of a DGA malware. Domain names identified as being part of a DGA malware may then be grouped together. Once a DGA domain name has been identified, activity from that domain name can be monitored to detect successful resolutions from the same source to see if any of the successful domain resolutions match these parameters. If they match specific thresholds, then the domain is determined to be a C&C server of the DGA malware and may be identified as such.

Abstract: A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.

Abstract: The system identifies a data transmission path between a source node and a destination node in a computer network during a communication session. The transmission path includes one or more intermediary nodes used to transmit data from the source node to the destination node. The system identifies if the identified transmission path is one of a plurality of trusted transmission paths stored in a trusted transmission path table. When the identified transmission path is not one of the plurality of trusted transmission paths, the system generates a notification, which may include an instruction to terminate the communication session, a list comprising at least one of the plurality of trusted transmission paths and an instruction to transmit data using the at least one of the plurality of trusted transmission paths in the list, or an instruction to alert a customer that the at least one transmission path is not trusted.

Abstract: Predictive execution of query flows in an application aware database environment. A repository of previously received and registered database queries along with at least corresponding metadata having information about database query flows generating the database queries is maintained. Application metadata corresponding to a subsequent database query is received. The repository is checked to determine if the application metadata matches one of the previously received and registered database query flows. One or more queries corresponding to the query flow from the repository is/are retrieved if a match is determined. Execution of the retrieved one or more database queries is started prior to receiving the query from outside the repository.

Abstract: Application-aware database environments. A repository of previously received and registered database queries is maintained that includes at least corresponding metadata having information about an application generating the database queries. A subsequent database query and application metadata corresponding to the subsequent database query can be received. The repository to determine if the subsequent database query and application metadata match one of the previously received database queries and application metadata. A matching previously received database query is retrieved from the repository if a match is determined. The retrieved database query is executed.

Abstract: A user interface automation framework is described. A system records multiple user interface screenshots during a session of a user interacting with a user interface application executing on a host computer. The system records metadata associated with the host computer during the session. The system executes a test of the user interface application based on the multiple user interface screenshots and the metadata.

Abstract: Behavioral authentication is described. A mobile device records a first location of the mobile device. The mobile device records a second location of the mobile device. The mobile device determines whether a route from the first location to the second location matches an expected route. The mobile device generates an access-enabling token in response to a determination that the route from the first location to the second location matches the expected route. The mobile device enables access to an entity by a user of the mobile device based on the mobile device providing the access-enabling token to the entity.

Abstract: A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.

Abstract: By hooking application programming interfaces in an execution environment, the return address for hooked application programming interface calls can be logged and used to determine when a packed binary has been unpacked. In one approach, memory allocations are detected and the return address is checked against the memory regions allocated. In another approach, the contents of memory at the return address in a pre-execution copy of the executable binary is compared with the contents of memory at the return address in the executing copy of the binary. This allows efficient detection of the completion of unpacking without knowledge of the unpacking technique. The unpacked binary may then be analyzed for possible malware.

Abstract: A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.

Abstract: A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.

Abstract: A testing model for heterogeneous client environments is enabled. A test of a computer system state transition may be specified. The test specification may include elements corresponding to test actions that cause the computer system state transition and elements corresponding to test conditions that are evaluated to generate the test results. A collection of pre-assembled executable components suitable for implementing specified tests at a wide variety of clients may be maintained, and particular test specifications may be mapped to a corresponding and optimal implementation subset of the collection. Test results may be determined based on one or more outputs of the implementation subset of executable components. A vendor and version independent browser driver may include code capable of identifying an operational set of browser capabilities among the superset of considered browser capabilities independent of vendor or version identification by a browser under test.

Abstract: Systems and methods for detection of domain generated algorithms (DGA) and their command and control (C&C) servers are disclosed. In one embodiment, such an approach includes examining DNS queries for DNS resolution failures, and monitoring certain set of parameters such as number of levels, length of domain name, lexical complexity, and the like for each failed domain. These parameters may then be compared against certain thresholds to determine if the domain name is likely to be part of a DGA malware. Domain names identified as being part of a DGA malware may then be grouped together. Once a DGA domain name has been identified, activity from that domain name can be monitored to detect successful resolutions from the same source to see if any of the successful domain resolutions match these parameters. If they match specific thresholds, then the domain is determined to be a C&C server of the DGA malware and may be identified as such.