Abstract: Computerized methods and systems receive a request message from a client device that is addressed to a web server hosting at least one web application. the request message is analyzed to identify potential attack indicators that are present in the request message. Each potential attack indicator has a score. A reputation score is assigned to the request message that is associated with behavior of the client device relative other client devices sending request message to the web server. A composite score for the request message is calculated based in part on the scores of the potential attack indicators and the reputation score. The request message is handled in accordance with the calculated composite score.

Abstract: Computerized methods and systems receive a request message from a client device that is addressed to a web server hosting at least one web application. the request message is analyzed to identify potential attack indicators that are present in the request message. Each potential attack indicator has a score. A reputation score is assigned to the request message that is associated with behavior of the client device relative other client devices sending request message to the web server. A composite score for the request message is calculated based in part on the scores of the potential attack indicators and the reputation score. The request message is handled in accordance with the calculated composite score.

Abstract: A method of curing an encrypted computer virus present in a computer system includes analyzing encrypted data to determine at least one most frequently occurring encrypted byte in the encrypted data, calculating an encryption key based on the most frequently occurring encrypted byte and a corresponding expected original byte of original data and decrypting the encrypted data using the encryption key to restore the encrypted data to original data.

Abstract: A method of selecting a detection method for analyzing computer code for malicious code. The method provides a plurality of malicious code detection methods, wherein at least some of the malicious code detection methods require different amounts of time to analyze for malicious code. A fastest one of the malicious code detection methods is selected. Computer code is analyzed for malicious code using the selected malicious code detection method. A probability of accuracy of a result of the analysis is determined. A next fastest one of the malicious code detection methods is selected and the analyzing and determining steps repeated, if the probability of accuracy is below a predetermined level. A result of the analysis is outputted if the probability of accuracy is at or above the predetermined level.

Abstract: A method of curing an encrypted computer virus present in a computer system includes analyzing encrypted data to determine at least one most frequently occurring encrypted byte in the encrypted data, calculating an encryption key based on the most frequently occurring encrypted byte and a corresponding expected original byte of original data and decrypting the encrypted data using the encryption key to restore the encrypted data to original data.