Patents by Inventor Walter Theodore Hulick, JR.

Walter Theodore Hulick, JR. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220318350
    Abstract: According to one or more embodiments of the disclosure, the techniques herein are directed toward a dynamic transaction-aware web application authentication using call intercepts. In one embodiment, a method comprises: intercepting, by a monitoring process, calls made for transactions within an executing application; determining, by the monitoring process, whether a particular intercepted call triggers an enhanced user authentication requirement for a particular transaction; initiating, by the monitoring process in response to the particular intercepted call triggering the enhanced user authentication requirement, a corresponding challenge to adequately authenticate a user for the particular transaction; and allowing, by the monitoring process, the particular intercepted call to proceed for the particular transaction in response to an adequately authenticated user for the particular transaction.
    Type: Application
    Filed: July 30, 2021
    Publication date: October 6, 2022
    Inventors: Walter Theodore Hulick, JR., David John Zacks, Thomas Szigeti
  • Patent number: 11436030
    Abstract: In one embodiment, an agent inserts instrumentation into a Java Platform Module System in which a plurality of Java modules of an application is executed. The agent captures, using the instrumentation, an access check failure for an inter-module operation between the Java modules. The agent overrides, using the instrumentation, the access check failure. The agent reports the captured access check failure to a user interface.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: September 6, 2022
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.
  • Patent number: 11349909
    Abstract: In one embodiment, an agent executed by a device detects an invocation that is made using Java reflection of a method associated with a microservice. The agent instruments the invocation of the method associated with the microservice, to capture one or more metrics regarding the microservice. The agent optimizes the invocation of the method associated with the microservice. The agent provides the one or more metrics regarding the microservice to a user interface.
    Type: Grant
    Filed: July 6, 2020
    Date of Patent: May 31, 2022
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.
  • Patent number: 11343281
    Abstract: In one embodiment, a device of a first security type obtains an application message for an application transaction along with a transaction ID. The device inserts an instruction related to the application transaction into a first header of the application message, and sends the application message downstream. The device may then receive an application response message from a downstream device in response to the application message, the downstream device of a second security type different from the first security type, the application response message having a reply to the instruction in a second header of the application response message and the transaction ID correlating the application response message to the application transaction. As such, the device may then perform one or more reactive actions in response to the reply to the instruction. In another embodiment, the downstream device conversely receives the instruction and inserts the reply.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: May 24, 2022
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.
  • Publication number: 20220138069
    Abstract: In one embodiment, a software agent profiler process attaches to an application and a primary instrumentation interface for the application, and discovers one or more software agents associated with the application. The software agent profiler process may then launch the one or more software agents within an encapsulated container environment of the software agent profiler process by configuring each of the one or more software agents, respectively, to point to a proxy instrumentation interface of the software agent profiler process instead of the primary instrumentation interface for the application. As such, the software agent profiler process may receive calls from the one or more software agents on the proxy instrumentation interface of the software agent profiler process, and can manage the calls from the one or more application agents prior to the calls being passed to the primary instrumentation interface for the application.
    Type: Application
    Filed: January 13, 2022
    Publication date: May 5, 2022
    Inventor: Walter Theodore Hulick, JR.
  • Patent number: 11283856
    Abstract: In one embodiment, a process on a computer receives a callback in response to an intercepted outbound web service connection called by an application executing on the computer. The process extracts information from the callback, e.g., at least a URL for the outbound web service connection and a code location within the application from which the outbound web service connection was called. Additionally due to the callback, the process obtains access to a core TCP socket for the outbound web service connection. The process determines how to modify socket options of the core TCP socket based on selected criteria according to the extracted information from the callback, and may then modify the socket options of the core TCP socket according to the determining. The modified socket options thus cause downstream network devices to handle traffic on the outbound web service connection based on the modified socket options.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: March 22, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Walter Theodore Hulick, Jr., Harish Nataraj
  • Patent number: 11256590
    Abstract: In one embodiment, a software agent profiler process attaches to an application and a primary instrumentation interface for the application, and discovers one or more software agents associated with the application. The software agent profiler process may then launch the one or more software agents within an encapsulated container environment of the software agent profiler process by configuring each of the one or more software agents, respectively, to point to a proxy instrumentation interface of the software agent profiler process instead of the primary instrumentation interface for the application. As such, the software agent profiler process may receive calls from the one or more software agents on the proxy instrumentation interface of the software agent profiler process, and can manage the calls from the one or more application agents prior to the calls being passed to the primary instrumentation interface for the application.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: February 22, 2022
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.
  • Publication number: 20220050902
    Abstract: In one embodiment, a device instruments an application to generate OpenTelemetry trace data during execution of the application. The device detects an occurrence of a security event during execution of the application. The device identifies a correlation between the security event and the OpenTelemetry trace data. The device provides an indication of the security event in conjunction with the OpenTelemetry trace data, based on the security event being correlated with the OpenTelemetry trace data.
    Type: Application
    Filed: November 4, 2020
    Publication date: February 17, 2022
    Inventor: Walter Theodore Hulick, JR.
  • Publication number: 20220027456
    Abstract: In one embodiment, a device loads a security manager into a runtime of an application that is configured to permit or deny permission checks within the application. An agent executed by the device identifies a call to the security manager to perform a particular permission check. The agent determines, based on a policy, whether the call represents a runtime application self-protection (RASP) policy violation. The agent raises a RASP security exception when the agent determines that the call represents a RASP policy violation.
    Type: Application
    Filed: September 9, 2020
    Publication date: January 27, 2022
    Inventor: Walter Theodore Hulick, JR.
  • Publication number: 20220006854
    Abstract: In one embodiment, an agent executed by a device detects an invocation that is made using Java reflection of a method associated with a microservice. The agent instruments the invocation of the method associated with the microservice, to capture one or more metrics regarding the microservice. The agent optimizes the invocation of the method associated with the microservice. The agent provides the one or more metrics regarding the microservice to a user interface.
    Type: Application
    Filed: July 6, 2020
    Publication date: January 6, 2022
    Inventor: Walter Theodore Hulick, JR.
  • Publication number: 20210258396
    Abstract: In one embodiment, webpage data for a webpage is downloaded by a web browser executed by a client device. The client device inserts instrumentation into the webpage data to collect event metrics for events associated with the webpage. The client device selects, based on a user-defined policy, a set of event metrics from among the collected event metrics to be shared with a proxy service. The client device sends the selected set of event metrics to the proxy service. The proxy service provides access to the set of event metrics to one or more collectors registered with the proxy service.
    Type: Application
    Filed: February 18, 2020
    Publication date: August 19, 2021
    Inventor: Walter Theodore Hulick, JR.
  • Publication number: 20210250376
    Abstract: In one embodiment, a client device accesses an online application via a browser executed by the client device. The client device makes an assessment as to whether the online application uses Hypertext Transfer Protocol (HTTP) security headers that satisfy a security header policy. The client device generates scoring for the webpage based on the assessment. The client device presents the generated scoring to a user of the client device.
    Type: Application
    Filed: February 11, 2020
    Publication date: August 12, 2021
    Inventor: Walter Theodore Hulick, JR.
  • Publication number: 20210247992
    Abstract: In one embodiment, an agent inserts instrumentation into a Java Platform Module System in which a plurality of Java modules of an application is executed. The agent captures, using the instrumentation, an access check failure for an inter-module operation between the Java modules. The agent overrides, using the instrumentation, the access check failure. The agent reports the captured access check failure to a user interface.
    Type: Application
    Filed: February 11, 2020
    Publication date: August 12, 2021
    Inventor: Walter Theodore Hulick, Jr.
  • Publication number: 20210247966
    Abstract: In one embodiment, a device launches a core agent for a Java application. The core agent loads a first tenant and a second tenant, each tenant having its own isolated class loader. The device instruments, via the core agent and by each tenant, the Java application to capture data regarding execution of the Java application. The device provides the captured data to a user interface.
    Type: Application
    Filed: February 12, 2020
    Publication date: August 12, 2021
    Inventor: Walter Theodore Hulick, JR.
  • Patent number: 11012523
    Abstract: In one embodiment, a proxying agent loaded at application startup loads a circuit breaker framework into a class loader, and also loads a circuit breaker proxy into an extension class loader seen by the proxying agent and by the application. The proxying agent may also instrument selected methods of the application, such that, when calling to run an instrumented method: an ID of the circuit breaker proxy is set to a trackable context, and the proxy execution may be held until exit of the run method (and if exit of the run method is due to a particular exception, an exception of the proxy may also be set to reflect the particular exception). The circuit breaker may then monitor the proxy for latency, exceptions, and circuit breaker trip criteria, and stops the run method in response to the latency, exceptions, or circuit breaker trip criteria surpassing a particular respective threshold.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: May 18, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Walter Theodore Hulick, Jr., Harish Nataraj
  • Patent number: 10984109
    Abstract: In one embodiment, a process on a computer for dynamic application component auditing is disclosed. The process includes automatically identifying, by an agent, all application components in an application. The process includes determining, by the agent, manifest information for the identified application components. The process includes accessing, by the agent, an alias file to convert the determined manifest information to align with corresponding information in a vulnerability database. The process includes using a Web service to query the vulnerability database to search for a match with the converted manifest information. The process includes, responsive to the query, creating an audit report of the application components.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: April 20, 2021
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.
  • Publication number: 20210051179
    Abstract: In one embodiment, a device of a first security type obtains an application message for an application transaction along with a transaction ID. The device inserts an instruction related to the application transaction into a first header of the application message, and sends the application message downstream. The device may then receive an application response message from a downstream device in response to the application message, the downstream device of a second security type different from the first security type, the application response message having a reply to the instruction in a second header of the application response message and the transaction ID correlating the application response message to the application transaction. As such, the device may then perform one or more reactive actions in response to the reply to the instruction. In another embodiment, the downstream device conversely receives the instruction and inserts the reply.
    Type: Application
    Filed: August 16, 2019
    Publication date: February 18, 2021
    Inventor: Walter Theodore Hulick, JR.
  • Publication number: 20210029210
    Abstract: In one embodiment, a proxying agent loaded at application startup loads a circuit breaker framework into a class loader, and also loads a circuit breaker proxy into an extension class loader seen by the proxying agent and by the application. The proxying agent may also instrument selected methods of the application, such that, when calling to run an instrumented method: an ID of the circuit breaker proxy is set to a trackable context, and the proxy execution may be held until exit of the run method (and if exit of the run method is due to a particular exception, an exception of the proxy may also be set to reflect the particular exception). The circuit breaker may then monitor the proxy for latency, exceptions, and circuit breaker trip criteria, and stops the run method in response to the latency, exceptions, or circuit breaker trip criteria surpassing a particular respective threshold.
    Type: Application
    Filed: July 24, 2019
    Publication date: January 28, 2021
    Inventors: Walter Theodore Hulick, JR., Harish Nataraj
  • Publication number: 20200220921
    Abstract: In one embodiment, a process on a computer receives a callback in response to an intercepted outbound web service connection called by an application executing on the computer. The process extracts information from the callback, e.g., at least a URL for the outbound web service connection and a code location within the application from which the outbound web service connection was called. Additionally due to the callback, the process obtains access to a core TCP socket for the outbound web service connection. The process determines how to modify socket options of the core TCP socket based on selected criteria according to the extracted information from the callback, and may then modify the socket options of the core TCP socket according to the determining. The modified socket options thus cause downstream network devices to handle traffic on the outbound web service connection based on the modified socket options.
    Type: Application
    Filed: March 18, 2020
    Publication date: July 9, 2020
    Inventors: Walter Theodore Hulick, JR., Harish Nataraj
  • Patent number: 10681006
    Abstract: In one embodiment, an agent process associated with a particular application on a computing device intercepts outbound connection calls made by the particular application for a remote target host within a computer network, and determines an application context for the outbound connection call based on the particular application and one or more features of the outbound connection call. The agent process may then compare the application context against a set of application-context-aware firewall policies configured on the agent process, and determines whether to allow or not allow (block) the outbound connection call based on the comparing of the application context to the set of application-context-aware firewall policies.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: June 9, 2020
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.