Intrusion Detection Patents (Class 726/23)
  • Patent number: 11997118
    Abstract: Certain aspects of the present disclosure provide techniques for Scripting attack detection and mitigation. A method generally includes receiving a first report indicating a first violation for a first security policy applied to a first web application; identifying a first plurality of features associated with the first violation; classifying the first violation as a first JavaScript attack based on the first plurality of features; and taking action to mitigate the first JavaScript attack on the first web application.
    Type: Grant
    Filed: July 24, 2023
    Date of Patent: May 28, 2024
    Assignee: Intuit, Inc.
    Inventors: Siddhesh Yawalkar, Hemant Puri, Swapnil Bhalode, Sandeep Bhatkar, Anant Agrawal, Sangam Shankar, Gabe Gallagher, Erick Lee
  • Patent number: 11997131
    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during a testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that has the least impact on the system to maintain mission assurance.
    Type: Grant
    Filed: September 20, 2022
    Date of Patent: May 28, 2024
    Assignee: Architecture Technology Corporation
    Inventors: Joseph Sirianni, Judson Powers, Robert Joyce
  • Patent number: 11997109
    Abstract: Malicious homoglyphic domain name (MHDN) detection and associated cyber security applications are described. A domain name may be received that may be a potential MHDN. Homoglyphic domain name detection may be performed by, for example, generating a normalized character string corresponding to the input domain name by applying one or more normalization operations to the input domain name, wherein the one or more normalization operations may be configured to reduce homoglyphic characteristics in the input domain name; and generating a plurality of segmentations of the normalized character string, wherein generating each segmentation, of the plurality of segmentations, may comprise segmenting the normalized character string into a respective plurality of segments, and wherein each segmentation may comprise a different plurality of segments. A segmentation may be selected based on cost values corresponding to each respective segmentation determined using a cost function.
    Type: Grant
    Filed: July 17, 2023
    Date of Patent: May 28, 2024
    Assignee: Centripetal Networks, LLC
    Inventors: Vincent Mutolo, Alexander Chinchilli, Sean Moore, Matthew Sparrow, Connor Tess
  • Patent number: 11997119
    Abstract: A vehicle log transmission device includes: a vehicle log division processor that generates one or more divided logs; existing identifier storage that stores an existing identifier list, which is a list of identifiers corresponding to existing divided logs generated by dividing an existing vehicle log shared between the vehicle log transmission device and a vehicle log analysis server; a vehicle log transmission necessity determiner that determines that a divided log corresponding to an identifier present in the existing identifier list is a first divided log, and that a divided log corresponding to an identifier not present in the existing identifier list is a second divided log; and a vehicle-side communicator that transmits the identifier corresponding to the first divided log to the vehicle log analysis server, and transmits the second divided log to the vehicle log analysis server.
    Type: Grant
    Filed: April 5, 2021
    Date of Patent: May 28, 2024
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Ryo Hirano, Takeshi Kishikawa
  • Patent number: 11995658
    Abstract: An apparatus comprises a processing device configured to monitor for events associated with users interacting with an e-commerce platform, to identify an event type of a given event associated with a given user interacting with the e-commerce platform, and to select, based on the identified event type, at least one of a plurality of machine learning models configured to characterize different types of potentially malicious behavior on the e-commerce platform. The processing device is also configured to determine, utilizing the selected at least one machine learning model, whether the given user is exhibiting at least one of the different types of potentially malicious behavior. The processing device is also configured, responsive to determining that the given user is exhibiting at least one of the different types of potentially malicious behavior, to initiate actions on the e-commerce platform to prevent or mitigate an effect of the potentially malicious behavior.
    Type: Grant
    Filed: May 25, 2022
    Date of Patent: May 28, 2024
    Assignee: Dell Products L.P.
    Inventors: Tanuj Arcot Omkar, Rodrigo de Souza Scorsatto, Rodrigo da Rosa Righi, Lucas Micol Policarpo, Vinicius Facco Rodrigues, Jorge Luis Victória Barbosa, Rodolfo Stoffel Antunes, Cristiano André da Costa
  • Patent number: 11994968
    Abstract: An analysis system includes a control module that generates data gathering parameters and data analysis parameters based on one or more inputs regarding an evaluation of a system aspect under test of a system, a data input module that receives system gathered data regarding the system aspect under test to produce gathered data, and a data analysis module configured to generate the evaluation of the system aspect under test based on the data analysis parameters and the gathered data. One or more databases store one or more of the gathered data, the data analysis parameters, and the evaluation of the system aspect under test and one or more data extraction modules interact with the system aspect under test to extract data from the system aspect under test in accordance with a respective portion of the data gathering parameters to produce the system gathered data and provide the system gathered data.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: May 28, 2024
    Assignee: UncommonX Inc.
    Inventors: Raymond Hicks, Ryan Michael Pisani, Thomas James McNeela
  • Patent number: 11989280
    Abstract: Handling a memory fault based on detecting whether a memory pointer was invalidated by a pointer authentication (PA) failure. After an access to a memory pointer causes a memory fault, detecting that the memory pointer was invalidated by a PA failure includes creating a new memory pointer by replacing reserved bits of the memory pointer with a default value, and determining that the new memory pointer corresponds to a memory address that falls within executable memory. This determination includes determining that the memory address is within an executable memory page, determining that a call instruction is stored at a prior memory address that immediately precedes the memory address, and/or determining that the memory address corresponds to a code section of an executable file. The PA failure is handled based on logging the PA failure, terminating the application program, and/or resuming execution at an instruction stored at the memory address.
    Type: Grant
    Filed: September 17, 2021
    Date of Patent: May 21, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jin Lin, Jason Lin, Matthew John Woolman, Mehmet Iyigun
  • Patent number: 11991199
    Abstract: An anomaly detection model is trained to detect malicious traffic sessions with a low rate of false positives. A sample feature extractor extracts tokens corresponding to human-readable substrings of incoming unstructured payloads in a traffic session. The tokens are correlated with a list of malicious traffic features and frequent malicious traffic features across the traffic session are aggregated into a feature vector of malicious traffic feature frequencies. An anomaly detection model trained on feature vectors for unstructured malicious traffic samples predicts the traffic session as malicious or unclassified. The anomaly detection model is trained and updated based on its ongoing false positive rate and malicious traffic features in the list of malicious traffic features that result in a high false positive rate are removed.
    Type: Grant
    Filed: January 27, 2023
    Date of Patent: May 21, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Stefan Achleitner, Chengcheng Xu
  • Patent number: 11989293
    Abstract: Systems, methods, and media for identifying and responding to malicious files having similar features are provided. More particularly, in some embodiments, systems for identifying and responding to malicious files having similar features are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive feature information extracted from a file, wherein the feature information includes at least two of static feature information, environmental feature information, and behavioral feature information; create clusters based on the feature information; determine if a file corresponding to one of the clusters is malicious; and report to a plurality of endpoints that other files corresponding to the one of the clusters are malicious.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: May 21, 2024
    Assignee: McAfee, LLC
    Inventors: Joel R. Spurlock, Leonardo Frittelli
  • Patent number: 11991148
    Abstract: A system generates a network perimeter for an organization based on the connection data. The system builds a model, for example, a machine learning based model configured to receive a network zone as input and output a score indicating security of the network zone. The system receives information describing connection requests received from client devices associated with the organization. The system adjusts parameters of the machine learning based model based on information describing the connection requests. The adjusting of the machine learning based model improves the accuracy of prediction based on the information describing the connection requests. The system determines a network perimeter for the organization using the machine learning based model. The network perimeter may be used for implementing a network policy for the organization based on the determined network perimeter.
    Type: Grant
    Filed: July 28, 2023
    Date of Patent: May 21, 2024
    Inventors: Jinlong Fu, RaghuRam Pamidimarri
  • Patent number: 11989281
    Abstract: A white list generation apparatus (2000) acquires a generation request (70). The generation request (70) includes hardware configuration information (74) indicating hardware performance of a target virtual machine (20) and software configuration information (72) indicating software to be installed on the target virtual machine (20). The white list generation apparatus (2000) generates or determines a machine (90) configured with hardware with performance higher than hardware performance indicated in the hardware configuration information (74). The white list generation apparatus (2000) further installs software indicated in the software configuration information (72) onto the machine (90). Then, the white list generation apparatus (2000) generates a white list (60), based on a content of a storage apparatus in the machine (90) after completion of the installation.
    Type: Grant
    Filed: December 11, 2019
    Date of Patent: May 21, 2024
    Assignee: NEC CORPORATION
    Inventor: Eiji Takahashi
  • Patent number: 11991177
    Abstract: Reducing vulnerability to a server is provided. A device intermediary to a client and a server can receive an RPC message from the RPC based client to the RPC based server, the RPC message having a plurality of fields to execute one or more routines on the server. The device can detect that one or more fields of the plurality of fields exploits a vulnerability of the RPC based server. The device can modify the RPC message to remove the one or more fields from the RPC message. The device can forward the modified RPC message to the RPC server.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: May 21, 2024
    Inventors: Seth K. Keith, Saravanakumar Annamalaisami, Krishna Khanal, Ratnesh Singh Thakur
  • Patent number: 11991191
    Abstract: Methods, systems, and apparatuses are provided for detecting a missing security alert by receiving an alert sequence generated by a network security provider, applying the received alert sequence to a security incident model, receiving an indication from the security incident model that the received alert sequence corresponds to a security incident defined by a predetermined sequence of alerts that includes at least one alert missing from the received alert sequence, and generating a notification to the network security provider that indicates at least one of the security incident or the missing alert(s). In addition, the security incident model may be generated by providing a set of historical alerts and a set of historical security incidents to a machine learning algorithm to generate the security incident model.
    Type: Grant
    Filed: May 12, 2022
    Date of Patent: May 21, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Roy Levin, Mathias A. M. Scherman
  • Patent number: 11991186
    Abstract: Embodiments of the present disclosure relate to methods, devices and computer readable storage medium for tracing an attack source in a service function chain overlay network. In example embodiments, a request for tracing an attack source of an attacking data is sent at the attack tracer to a first service function chain domain of a plurality of service function chain domains through which the attacking data flow passes subsequently. The request includes flow characteristics of the attacking data flow. Then, the attack tracer receives a first set of results of flow matching based on the flow characteristics from the first service function chain domain. The attack tracer identifies the attack source in the plurality of service function chain domains at least in part based on the first set of results. In this way, the attack source may be traced efficiently in the service function chain overlay network.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: May 21, 2024
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Zhiyuan Hu, Jing Ping, Stephane Mahieu, Yueming Yin, Zhigang Luo
  • Patent number: 11990943
    Abstract: Aspects of the subject disclosure may include, for example, monitoring a security status of a wireless communication session comprising a back-haul link supporting a classical communication channel between a wireless access point and a wireless mobility core network. The classical communication channel is adapted to transport underlying data of the wireless communication session and, responsive to determining a change in the security status, associating with the wireless communication session a quantum communication channel adapted to transport information via qubits. Information is exchanged between the wireless access point and the mobility core network via the qubits of the quantum communication channel, wherein the exchanging of the information via the qubits enhances a security level of the wireless communication session in view of a perceived threat. Other embodiments are disclosed.
    Type: Grant
    Filed: January 4, 2021
    Date of Patent: May 21, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Moshiur Rahman
  • Patent number: 11989326
    Abstract: A compute instance may be configured to extract a feature of a data instance accessed by the compute instance, generate an anonymized feature value for the feature of the data instance, include the anonymized feature value in a feature vector corresponding to the data instance, and transmit the feature vector to a server-based computing system.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: May 21, 2024
    Assignee: Sophos Limited
    Inventors: Joseph H. Levy, Kenneth D. Ray, Joshua Daniel Saxe
  • Patent number: 11983267
    Abstract: A data processing method based on Trojan circuit detection includes controlling a processor, in a testing stage, to perform following steps: obtaining a plurality of characteristic values corresponding to a logic gate circuit; performing a distribution adjustment operation on the characteristic values to generate a plurality of adjusted characteristic values; and performing classification on the adjusted characteristic values to generate a logic identification result.
    Type: Grant
    Filed: November 30, 2021
    Date of Patent: May 14, 2024
    Assignee: INSTITUTE FOR INFORMATION INDUSTRY
    Inventors: Jian Wei Liao, Ting Yu Lin, Kai Chiang Wu, Jung Che Tsai
  • Patent number: 11983271
    Abstract: A processor may generate an enforcement point. The enforcement point may include one or more adversarial detection models. The processor may receive user input data. The processor may analyze, at the enforcement point, the user input data. The processor may determine, from the analyzing, whether there is an adversarial attack in the user input data. The processor may generate an alert based on the determining.
    Type: Grant
    Filed: November 19, 2020
    Date of Patent: May 14, 2024
    Assignee: International Business Machines Corporation
    Inventors: Bruno dos Santos Silva, Cheng-Ta Lee, Ron Williams, Bo-Yu Kuo, Chao-Min Chang, Sridhar Muppidi
  • Patent number: 11983647
    Abstract: A method for a first electronic device comprises generating a decision-making data structure using a machine learning data structure; transmitting, to a second electronic device, the decision-making data structure; receiving, from the electronic device, result data regarding a result of performing a selected action selected from the decision-making data structure; and updating the machine learning data structure using the result data.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: May 14, 2024
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Daniel Ansorregui Lobete, Karthikeyan Palavedu Saravanan
  • Patent number: 11983272
    Abstract: Privilege escalation monitoring may include initiating a learning mode, recording application attributes of one or more applications on a host system to an application repository, recording process attributes of one or more running processes on the host system to an access repository, recording API calls of the one or more running processes on the host system to an API repository, terminating the learning mode, initializing a protecting mode, identifying running processes on the host system based on records in the application repository, determining whether the identified running processes have system access violations based on the application repository, determining whether the identified running processes have file permission escalations based on the access repository, determining whether the identified running processes have failed privileged API calls based on the API repository, generating an alert and terminating an offending process corresponding to the determinations.
    Type: Grant
    Filed: July 14, 2021
    Date of Patent: May 14, 2024
    Assignee: Saudi Arabian Oil Company
    Inventor: Urfan Ahmed
  • Patent number: 11983502
    Abstract: The example embodiments are directed toward improvements in document classification. In an embodiment, a method is disclosed comprising generating a set of sentences based on a document; predicting a set of labels for each sentence using a multi-label classifier, the multi-label classifier including a self-attended contextual word embedding backbone layer, a bank of trainable unigram convolutions, a bank of trainable bigram convolutions, and a fully connected layer, the multi-label classifier trained using a weakly labeled data set; and labeling the document based on the set of labels. The various embodiments can target multiple use cases such as identifying related entities, trending related entities, creating ephemeral timeline of entities, and others using a single solution. Further, the various embodiments provide a weakly supervised framework to train a model when a labeled golden set does not contain a sufficient number of examples.
    Type: Grant
    Filed: November 24, 2021
    Date of Patent: May 14, 2024
    Assignee: YAHOO AD TECH LLC
    Inventors: Deven Santosh Shah, Sukanya Moorthy, Topojoy Biswas
  • Patent number: 11977633
    Abstract: A system and method for malware detection uses static and dynamic analysis to augment a machine learning model. At the training step, static and dynamic features are extracted from training datasets and used to train a malware classification model. The malware classification model is used to classify unknown files based on verdicts from both static and dynamic models.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: May 7, 2024
    Assignee: Acronis International GmbH
    Inventors: Sergey Ulasen, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11977641
    Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.
    Type: Grant
    Filed: April 9, 2021
    Date of Patent: May 7, 2024
    Assignee: Forcepoint LLC
    Inventors: Raffael Marty, Nicolas Christian Fischbach, Ofir Arkin
  • Patent number: 11979746
    Abstract: Techniques for selective intelligent enforcement for mobile networks using a security platform are disclosed.
    Type: Grant
    Filed: July 21, 2023
    Date of Patent: May 7, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, John Edward McDowall, Apoorva Jain
  • Patent number: 11979424
    Abstract: Techniques for providing contextual forensic data based on user activities. A first method includes identifying a user action in user activity data, wherein the user action is a discrete event initiated by a user, wherein the user action is performed with respect to a portion of a system; and correlating the identified user action with at least one system change, wherein the at least one system change is related to the portion of the system, wherein the at least one system change occurred after the user action. A second method includes taking a first snapshot before a user action occurs, wherein the user action is a discrete event initiated by a user, wherein the first snapshot is taken of at least a portion of a system; and taking a second snapshot after the user action occurs, wherein the second snapshot is taken of the at least a portion of the system.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: May 7, 2024
    Assignee: Twistlock, Ltd.
    Inventors: Liron Levin, Michael Kletselman, Ami Bizamcher, Dima Stopel, John Morello
  • Patent number: 11977642
    Abstract: An evaluation item generation unit (107) acquires a plurality of candidates for security evaluation items to be adopted to a plurality of apparatuses included in an information system. Further, the evaluation item generation unit (107) analyzes at least one of: whether or not each apparatus of the plurality of apparatuses has a communication path with an outside communication apparatus being an apparatus which is in the information system and performs communication with the outside of the information system; and whether or not there exists in each apparatus of the plurality of apparatuses, a security evaluation item an adoption of which is to be exempted due to an adoption of which to another apparatus in the information system, and selects for each apparatus of the plurality of apparatuses, a security evaluation item to be adopted, from the plurality of candidates for the security evaluation items based on an analysis result.
    Type: Grant
    Filed: April 12, 2021
    Date of Patent: May 7, 2024
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Mami Kawaguchi, Daisuke Suzuki
  • Patent number: 11977536
    Abstract: Methods and systems are described herein for improving anomaly detection in timeseries datasets. Different machine learning models may be trained to process specific types of timeseries data efficiently and accurately. Thus, selecting a proper machine learning model for identifying anomalies in a specific set of timeseries data may greatly improve accuracy and efficiency of anomaly detection. Another way to improve anomaly detection is to process a multitude of timeseries datasets for a time period (e.g., 90 days) to detect anomalies from those timeseries datasets and then correlate those detected anomalies by generating an anomaly timeseries dataset and identifying anomalies within the anomaly timeseries dataset. Yet another way to improve anomaly detection is to divide a dataset into multiple datasets based on a type of anomaly detection requested.
    Type: Grant
    Filed: March 23, 2023
    Date of Patent: May 7, 2024
    Assignee: Capital One Services, LLC
    Inventors: Vannia Gonzalez Macias, Scott Garcia, Peter Terrana
  • Patent number: 11979427
    Abstract: A method of cyber-risk assessment includes populating a database with ransomware attack information non-intrusively gathered from a plurality of data sources. A request for a ransomware susceptibility assessment of an entity associated with a domain name is received. A digital footprint of an entity is discovered in response to the associated domain name using non-intrusive information gathering. Commercial information associated with the entity is collected in response to the domain name. The database is scanned in response to the discovered digital footprint and at least one ransomware factor associated with the entity is generated in response to the scan. An impact parameter and a ransomware factor coefficient are computed based on the collected commercial information. Then an entity susceptibility index is computed based on the impact parameter, the ransomware factor coefficient, and the at least one ransomware factor.
    Type: Grant
    Filed: October 15, 2022
    Date of Patent: May 7, 2024
    Assignee: NormShield, Inc.
    Inventors: Paul Paget, Ferhat Dikbiyik, Candan Bolukbas
  • Patent number: 11977668
    Abstract: The present disclosure relates to a device for supporting Input/Output (I/O) channel protection. The device maintains one or more channel protection enclaves (CPEs), wherein each CPE is associated with a different I/O channel, wherein each I/O channel is associated with a different address space of a memory, and wherein each CPE is allocated verification information comprising the address space associated with its associated I/O channel. The device further receives a transaction on a given I/O channel, the transaction comprising access information including one or more target addresses. Moreover, the device determines a correlation of the transaction's access information and the verification information of the CPE associated with the given I/O channel, and allows or aborts execution of the transaction, based on whether the determined correlation meets a predefined criterion.
    Type: Grant
    Filed: June 15, 2021
    Date of Patent: May 7, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Ben-Shahar Belkar
  • Patent number: 11971982
    Abstract: A log analysis device is provided. The log analysis device receives a log indicating status of an electronic control system mounted in a movable object from the electronic control system, analyzes an abnormality in the electronic control system by using the log received. Depending on a result of the analyzing, the log analysis device determines, on a log-by-log basis, priority for the electronic control system to transmit the log to the log analysis device. Based on the priority determined, the log analysis device generates instruction information that gives an instruction for controlling transmission of the log, and transmits the instruction information to the electronic control system.
    Type: Grant
    Filed: July 9, 2021
    Date of Patent: April 30, 2024
    Assignee: DENSO CORPORATION
    Inventors: Keigo Nagara, Taiji Abe
  • Patent number: 11973783
    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and defines access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In the control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.
    Type: Grant
    Filed: December 27, 2022
    Date of Patent: April 30, 2024
    Assignee: Architecture Technology Corporation
    Inventors: Ian McLinden, Timothy Hartley
  • Patent number: 11973801
    Abstract: Aspects of the disclosure relate to dynamic and automated spear phishing management. A computing platform may identify users to receive a simulated spear phishing message. In some instances, the computing platform may receive a very attacked persons (VAP) list and may identify the users to receive the simulated spear phishing message based on the VAP list. Based on historical message data associated with a first user, the computing platform may identify message features associated with the first user. Using a predetermined template and for a first user account linked to the first user, the computing platform may generate a first spear phishing message based on the message features. The computing platform may then send, to the first user account, the first spear phishing message.
    Type: Grant
    Filed: September 26, 2022
    Date of Patent: April 30, 2024
    Assignee: Proofpoint, Inc.
    Inventor: Nathan James Grealish
  • Patent number: 11966476
    Abstract: In an embodiment, a method for deep application discovery and forensics of a reference system includes a computing device, such as an orchestrator, receiving and/or obtaining from an inspection layer executing on the reference system, during runtime of the reference system, architecture and configuration information describing the reference system. Also, the computing device generates, during runtime of the reference system, dependency matrices describing relationships between components of the reference system which allow for generation, during runtime of the reference system, at least one threat model describing vulnerabilities of the reference system based on the dependency matrices. The inspection layer identifies the applications and databases accessed by the applications.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: April 23, 2024
    Assignee: Avocado Systems, Inc.
    Inventors: Keshav Kamble, Chetan Gopal, Girish Joag, Annu Agrawal
  • Patent number: 11968229
    Abstract: Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.
    Type: Grant
    Filed: September 12, 2022
    Date of Patent: April 23, 2024
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Patrick Whitney, Sharath Chandra Chavva, Jeffrey Baucom
  • Patent number: 11966873
    Abstract: Computer-implemented methods, systems and products for analytics and discovery of patterns or signals. The method includes a set of operations or steps, including collecting data from a plurality of data sources, the data having a plurality of associated data types, and filtering the collected data based on identifying viable data sources from which the data is collected. The method further includes prioritizing discovery objectives based on analyzing the filtering results, and enriching the filtered collected data from viable data sources according to the prioritized discovery objectives. The method further includes extracting one or more signals from the enriched data using one or more machine learning mechanisms in combination with qualified subject matter expertise input, and graphically displaying the extracted signals in a meaningful way to a human operator such that the human operator is enabled to understand importance of extracted signals.
    Type: Grant
    Filed: April 18, 2022
    Date of Patent: April 23, 2024
    Assignee: Fair Isaac Corporation
    Inventors: Mary Krone, Ryan Weber, Ana Paula Azevedo Travassos, Laura Waterbury, Paulo Mei, Mayumi Assato, Shubham Kedia, Nitin Basant, Chisoo Lyons
  • Patent number: 11962615
    Abstract: A system for detecting Denial-of-Service (DoS) attacks on one or more user profiles collects a number of invalid sign-on attempts on the one or more user profiles during every time interval. The system determines a number of invalid sign-on attempts on every user profile since the start of the first time interval. The system detects a first DoS attack on a particular user profile if a first number of invalid sign-on attempts on the particular user profile exceeds a single-user profile. The system detects a second DoS attack on multiple user profiles during the first time interval if the increase in the total number of invalid sign-on attempts since the last time interval exceeds a scan-level threshold number. The system detects a third DoS attack on multiple user profiles if the total number of invalid sign-on attempts detected during combined time intervals exceeds a third threshold number.
    Type: Grant
    Filed: July 23, 2021
    Date of Patent: April 16, 2024
    Assignee: Bank of America Corporation
    Inventors: Xiao Jun Zhang, Neetika Singh, Jesse Deping Meng, Robert Bruce Williams, Joshua Samuel Drucker, Cynthia Diane Dieterich
  • Patent number: 11962552
    Abstract: An endpoint agent extension of a cyber defense system for email that includes modules and machine learning models. An integration module integrates with an email client application to detect email cyber threats in emails in the email client application as well as regulate emails. An action module interfaces with the email client application to direct autonomous actions against an outbound email and/or its files when a cyber threat module determines the email and/or its files (a) to be a data exfiltration threat, (b) to be both malicious and anomalous behavior as compared to a user's modeled email behavior, and (c) any combination of these. The autonomous actions can include actions of logging a user off the email client application, preventing the sending of the email, stripping the attached files and/or disabling the link to the files from the email, and sending a notification to cyber security personnel regarding the email.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: April 16, 2024
    Assignee: Darktrace Holdings Limited
    Inventors: Stephen Pickman, Matthew Dunn
  • Patent number: 11960603
    Abstract: A server manager for detecting ransomware includes a server interface to retrieve, from a storage device, a backup of a plurality of files stored by a client device. A ransomware detection module includes a statistical filter to generate a standard pattern of file activities of the client device for a time period. A statistical behavior analysis is performed on the backup of the plurality of files based on the standard pattern to identify a portion of the backup corresponding to a statistical anomaly different from the standard pattern. The statistical anomaly corresponds to an abnormal file activity. An entropy detector generates an entropy score for the portion of the backup. The entropy score represents a randomness of a distribution of bits in a block of a file in the portion of the backup. It is determined whether the backup includes the ransomware based on the generated entropy score.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: April 16, 2024
    Assignee: Druva Inc.
    Inventors: Adwait Bhave, Hemanshu Asolia, Neeraj Thakur
  • Patent number: 11954235
    Abstract: A data diode chip provides a flexible device for collecting data from a data source and transmitting the data to a data destination using one-way data transmission. On-chip processing elements allow the data diode to identify automatically the type of connectivity provided to the data diode and configure the data diode to handle the identified type of connectivity.
    Type: Grant
    Filed: June 12, 2023
    Date of Patent: April 9, 2024
    Assignee: Fend Incorporated
    Inventors: Sang Cheon Lee, Colin Patrick Dunn
  • Patent number: 11956257
    Abstract: A method for classifying domains to malware families includes identifying a corpus of malicious domains, identifying one or more suspicious domains, extracting a timeframe corresponding to the one or more suspicious domains, calculating a rank coefficient between the one or more suspicious domains and a current seed domain of the corpus of malicious domains, determining whether the rank correlation coefficient exceeds a rank threshold for the one or more suspicious domains, comparing a number of suspicious domains whose correlation coefficients exceed the rank threshold to a relation threshold, and responsive to determining the number of suspicious domains whose correlation coefficients exceed the rank threshold exceeds the relation threshold, applying a tag to the suspicious domains indicating that the one or more suspicious domains correspond to a same malware family as the current seed domain.
    Type: Grant
    Filed: October 13, 2021
    Date of Patent: April 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Aviv Ron, Alon Freund, Avishay Bartik, David Lazar, Yakov Shay-El Cohen
  • Patent number: 11954111
    Abstract: Disclosed is a system for executing a service request. The system comprises a processing arrangement and data sources. The processing arrangement receives the service request and is configured to extract data from the data sources based on the service request. The data sources respond in response to a characteristic framework of the service request. The system further comprises an administrator module to permute the service request received by the processing arrangement in accordance with the characteristic framework employed by the data sources. The administrator module is configured to identify at least one attribute of the service request, obtain data corresponding to the at least one attribute of the service request from the data sources, normalize the obtained data and provide the normalized data to execute the service request, via the processing arrangement.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: April 9, 2024
    Assignee: INNOPLEXUS AG
    Inventors: Ashwinkumar Rathod, Souymadeep Ghosh, Rohit Agarwal, Rajat Chaudhary
  • Patent number: 11947667
    Abstract: Techniques for preventing ransomware from encrypting files on a target machine are disclosed. In some embodiments, a system/process/computer program product for preventing ransomware from encrypting files on a target machine includes monitoring file system activities on a computing device; detecting an unauthorized activity associated with a honeypot file or honeypot folder; and performing an action based on a policy in response to the unauthorized activity associated with the honeypot file or honeypot folder.
    Type: Grant
    Filed: June 14, 2023
    Date of Patent: April 2, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Eldar Aharoni, Vadim Goldstein, Mashav Sapir, Jenny Kitaichik
  • Patent number: 11948114
    Abstract: Methods and systems for improved collection and evaluation of audit responses for healthcare sites are provided. In one embodiment, a method is provided that includes receiving responses associated with an audit of a healthcare site. A deficiency score and a total score may be calculated based on the responses. The deficiency scores may be calculated based on a quantity of responses indicating a deficient status and/or an improvement required status. The total score may be calculated based on a total quantity of the responses and a quantity of the responses that indicate an inapplicable status. The risk score may then be calculated based on the deficiency score.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: April 2, 2024
    Assignee: Innovation Associates Inc.
    Inventors: Phil Samples, Rebecca Keefe, Keith Redmore, Alecia Lashier
  • Patent number: 11949698
    Abstract: According to one embodiment, a non-transitory storage medium is configured to store a plurality of engines, which operate to conduct an analysis of a received object to determine if the object is associated with a malicious attack. The plurality of engines includes a first engine and a second engine. The first engine is configured to conduct a first analysis of the received object for anomalous behaviors including anomalous actions or omissions during virtual processing of the object that indicate the received object is malicious. The second engine is configured to conduct a second analysis corresponding to a classification of the object as being associated with a malicious attack. The analysis schemes conducted by the first engine and the second engine may be altered via configuration files, which adjust (i) parameter value(s) or (ii) operation rule(s) to alter the analysis conducted by the first engine and/or second engine.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: April 2, 2024
    Assignee: Musarubra US LLC
    Inventors: Michael Vincent, Emmanuel Thioux, Sai Vashisht, Darien Kindlund
  • Patent number: 11949707
    Abstract: Isolating suspicious email links is described. An email security service receives an email that includes a link that refers to an external resource. A first suspicious link determination is performed to determine whether the link is suspicious. If the link is suspicious, the link is rewritten to refer to the email security and the email is delivered to the recipient. A request from a client device is received responsive to the link being opened. A second suspicious link determination is performed to determine whether the link is suspicious. If the link is suspicious, an interstitial page is transmitted to the client device that includes an option that, when selected, causes the first link to be opened in a remote browser isolation session.
    Type: Grant
    Filed: July 28, 2023
    Date of Patent: April 2, 2024
    Assignee: CLOUDFARE, INC.
    Inventors: Philip Syme, Michelle Chen, Jeremy Michael Eckman, Michael J. Flester, Shalabh Mohan, Timothy Obezuk
  • Patent number: 11947940
    Abstract: Techniques regarding augmenting one or more training datasets for training one or more AI models are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a training augmentation component that can generate an augmented training dataset for training an artificial intelligence model by extracting a simplified source code sample from a source code sample comprised within a training dataset.
    Type: Grant
    Filed: October 11, 2021
    Date of Patent: April 2, 2024
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sahil Suneja, Yufan Zhuang, Yunhui Zheng, Alessandro Morari, Jim Alain Laredo
  • Patent number: 11941120
    Abstract: Novel tools and techniques might provide for implementing Internet of Things (“IoT”) functionality, and, in particular embodiments, implementing added services for OBD2 connection for IoT-capable vehicles. In various embodiments, a portable device (when connected to an OBD2 DLC port of a vehicle) might monitor wireless communications between a vehicle computing system(s) and an external device(s), might monitor vehicle sensor data from vehicular sensors tracking operational conditions of the vehicle, and might monitor operator input sensor data from operator input sensors tracking input by a vehicle operator. The portable device (or a server) might analyze either the monitored wireless communications or a combination of the monitored vehicle sensor data and the monitored operator input sensor data, to determine whether vehicle operation has been compromised.
    Type: Grant
    Filed: December 23, 2021
    Date of Patent: March 26, 2024
    Assignee: Century-Link Intellectual Property LLC
    Inventor: Tom Funk
  • Patent number: 11940870
    Abstract: A method and a device for automatically detecting potential failures in mobile applications implemented on an operating system for mobile devices, a mobile application being executable on the operating system installed on a hosting device by executing code instructions stored in an associated executable file. Provided an executable file associated to a mobile application, the device implements a module for decompiling the executable file to obtain at least one descriptive file of the mobile application containing descriptive code formatted with a markup language, a module for providing a plurality of predetermined string patterns related to potential failures, and a module for searching for the presence of at least one of the string patterns in the at least one descriptive file, and in case of presence, outputting an indication of presence of a potential failure associated to the detected string pattern.
    Type: Grant
    Filed: October 20, 2022
    Date of Patent: March 26, 2024
    Assignee: FAURECIA APTOIDE AUTOMOTIVE, LDA
    Inventor: Adriano Batista
  • Patent number: 11943195
    Abstract: A computing system is configured to perform zero-trust domain name resolution. The computing system includes applications coupled to a zero-trust client. The zero-trust client is configured to receive requests for IP addresses corresponding to endpoint identifiers for internet connected endpoints. The zero-trust client includes a synthetic DNS service configured to identify synthetic IP addresses for the endpoint identifiers. The zero-trust client provides the synthetic IP addresses for the endpoint identifiers to the applications. The zero-trust client sends data traffic from the applications to a zero-trust service with the synthetic IP addresses and sends corresponding endpoint identifiers to the zero-trust service in a fashion that allows the synthetic IP addresses to be correlated to the endpoint identifiers at the zero-trust service.
    Type: Grant
    Filed: January 20, 2023
    Date of Patent: March 26, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ashish Jain, Mordhai Gendelman, Or Moran, Omer Kattan, Yair Tor, Ronen Shmuel Goldsmith, Liraz Barak
  • Patent number: 11943308
    Abstract: A condition exists that triggers an HTTP server to modify one or more HTTP connections for one or more HTTP clients that are connected to the HTTP server. The HTTP server dynamically modifies the one or more HTTP connections including dynamically modifying one or more HTTP connection resource parameters for the one or more HTTP connections. For each of the one or more HTTP clients, the HTTP server monitors that HTTP client to determine whether it is complying with the modified one or more HTTP connection resource parameters. If one of the one or more HTTP clients is not complying with the modified one or more HTTP connection resource parameters, the HTTP server closes an HTTP connection to that HTTP client.
    Type: Grant
    Filed: December 29, 2022
    Date of Patent: March 26, 2024
    Assignee: CLOUDFLARE, INC.
    Inventor: Lucas Pardue