Abstract: Systems and methods are disclosed to develop and use a tool to enable an application package to be instrumented with automatic real user monitoring (RUM) without accessing the original source code. A package, such as Android application bundle (AAB) or Android package kit (APK), is imported and decoded and a generated source code file and/or manifest is obtained. Instrumentation is then added at a location corresponding to a code signature in the generated source code file (e.g., an operation to be instrumented before and/or after the operation). The generated source code file is then compiled and packaged into an APK and/or AAB file. The resulting application package is available for downloading, installation, and use on user devices with the instrumentation having been automatically added and without access to the original source code.

Abstract: A request to add a new block to a blockchain is received. Data associated with the new block is scanned to identify malware and/or an anomaly. In response to identifying the malware and/or the anomaly in the data associated with the new block, an action is taken. The action includes: rejecting the request to add the new block to the blockchain, or removing the malware/anomaly from the new block and adding the new block to the blockchain. In a second embodiment, a malware event is identified that identifies malware/an anomaly in a block in a blockchain. In response to the malware event, an action is taken. The action includes: consolidating the blockchain, bypassing the block in the blockchain, consolidating the blockchain and bypassing the block in the blockchain, and deleting an encryption key that was used to encrypt the associated data that comprises the malware and/or the anomaly.

Abstract: A request to install a first version of a software application is received. The first version of the software application is stored in a first blockchain in a first distributed blockchain ledger. In response to receiving the request to install the first version of the software application, the first version of the software application is validated by running a hash of the first blockchain. In response to validating the first version of the software application, the first version of the software application is installed from the blockchain to a device. The software application may also be validated after being installed to the device.

Abstract: A plurality of different types of resource access events are identified. For example, a resource access event may be an administration event where a user is given certain access rights to view/modify a resource, such as, a database record. A plurality of blocks are generated, where each block is associated with an individual one of the plurality of different types of resource access events. The plurality of blocks are added to a first resource access blockchain. The blockchain can be used to track the various types of resource access events.

Abstract: A device, system, and method are provided. In one example, a method for polling for server events is described that includes storing, on a server, a list of events. The method also includes polling, by a client, the server for the list of events. The method includes receiving the list of events stored on the server. The method further includes broadcasting each event in the list of events received to an associated component; and requesting, by each component that receives at least one associated event, component related event data for each associated event.

Abstract: A current software tool is identified. The current software tool is used to manage and/or create a current corresponding software. For example, the current software tool may be a compiler and the current corresponding software may be a binary executable. A current mapping is generated between code provided to the current software tool and the current corresponding software using a first Artificial Intelligence (AI) algorithm. A comparison between the current mapping and a learned mapping is made to determine if the current software tool is manipulating the current corresponding software in an abnormal way. The learned mapping is based on historical code input into historical software tools and corresponding historical code output from the historical software tools. In response to determining that the current software tool is manipulating the current corresponding software in an abnormal way, the current software tool is identified as being compromised or likely compromised.

Abstract: A security orchestration, automation, and response (SOAR) playbook is often selected to address an incident, such as a fault or attack (e.g., malware, a phishing attack, etc.) on a computer system or component. However, when the incident is new, manual resolution is often utilized to address the incident. By utilizing a neural network trained to identify similarities in a new incident, the neural network can select a SOAR playbook and optionally automatically deploy the playbook to address the incident.

Abstract: Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. Certain data handling operations may potentially expose data to unauthorized parties. However, not all data is equal; some data requires a greater degree of protection than other data, which may be based on a security context (e.g., rule, law, policy, etc.). By generating rules determined by a particular context, extraneous tests on data outside of the context, may be omitted. Unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities and omit false positives, such as vulnerabilities to data that does not require the same degree of care to avoid unauthorized exposure.

Abstract: A monitoring utility program into a software container in which a containerized virtual machine application is running. The monitoring utility program is to monitor the containerized virtual machine application running within the software container. Monitoring information regarding the containerized virtual machine application is periodically pulled from the monitoring utility program.

Abstract: Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. Certain data handling operations may potentially expose data to unauthorized parties. However, not all data is equal; some data requires a greater degree of protection than other data, which may be based on a security context (e.g., rule, law, policy, etc.). By generating rules determined by a particular context, extraneous tests on data outside of the context, may be omitted. Unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities and omit false positives, such as vulnerabilities to data that does not require the same degree of care to avoid unauthorized exposure.

Abstract: Sensitive information is identified. For example, the sensitive information may be a set of medical records. A request is received to send the sensitive information from a first domain to a second domain. For example, the request may be to send the sensitive information from a first corporation to a second corporation. The sensitive information is encrypted. The encrypted sensitive information comprises an authentication field. The authentication field identifies one or more authentication factors that are required to unencrypt the sensitive information. For example, the authentication field may indicate that a user is required to provide a username/password and a fingerprint scan to access the sensitive information. The encrypted sensitive information is sent to the second domain. The user in the second domain is required to authenticate using the one or more authentication factors to access the sensitive information.

Abstract: Containerized platforms like Kubernetes, OpenShift, EKS (Elastic Kubernetes Service), etc., containerize and orchestrate applications. There are mature solutions for discovering and modeling applications running in physical and virtualized machines, and for containerized platforms, there are solutions for discovering and modeling infrastructure like namespaces, controllers, and pods. While beneficial, such models are incomplete. Accordingly, systems and methods are provided herein for discovering applications and modeling resources utilized for the applications or product suites. As a result, version mismatches or unplanned changes may be detected and corrected.

Abstract: A request to authenticate is received. For example, the request to authenticate may be to authenticate to a software application or a device. The request to authenticate is for a first authentication level for a user. The first authentication level is one of a plurality of authentication levels for the user. The request to authenticate is authorized based on a provided one or more authentication factors (e.g., a valid username/password). A plurality of authentication tokens are retrieved. The plurality of authentication tokens are associated with the first authentication level. In addition, each authentication token of the plurality of authentication tokens is associated with an individual application of a plurality of applications. Access to information in the plurality of applications is granted based on the plurality of authentication tokens.

Abstract: A first device transmits a request message to a proxy device to forward to a second device. The request message includes a public key. The second device transmits a response message to the proxy device to forward to the first device. The response message includes a cryptographic nonce and is encrypted with the public key. The first device decrypts the response message, and generates a session key based on the nonce and a pre-shared password. The first device generates a session key and transmits a challenge response encrypted with the session key to the proxy device to forward to the second device. The second device generates the session key and decrypts the challenge response with the session key. Upon the second device confirming the challenge response such that a secure session is established, the first and second devices communicate with one another over the secure session.

Abstract: Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.

Abstract: A determination is made to see if a user has authenticated to a computer system using a plurality of authentication levels. For example, the user may have had a first session where the user is authenticated at authentication level one and a second session where the user is authenticated at authentication level two. Behavior of the user is separately tracked at each of the plurality of authentication levels to identify separate usage patterns of the user at each of the plurality of authentication levels. Anomalous behavior of the user is identified based on one or more variations from the separate usage patterns of the user at, at least one of the plurality of authentication levels. An action is taken based on identifying the anomalous behavior of the user. For example, the user's account may be locked, or an administrator may be notified.

Abstract: Text screen description data for a terminal-based application is received. For example, the text screen description data may be received via an Application Programming Interface (API) call. The text screen description data comprises a screen description and one or more text field descriptions associated with the screen description. The one or more text field descriptions are associated with one or more text fields. The text screen description data is based on Basic Mapping Support (BMS) mappings. Image data of a screen for the terminal-based application is captured. The captured image data of the screen of the terminal-based application is correlated to the text screen description data for the terminal-based application to identify the one or text fields. As a result, a test script is automatically generated to test the one or more text fields based on the correlation.

Abstract: Method and system to improve keyboard input in an automated test environment. The method includes determining a keyboard layout. The method also includes receiving an input, wherein the input comprises a plurality of characters. The method further includes processing the input to determine an input delay between each character of the plurality of characters and entering each character of the plurality of characters with the determined input delay between each character.

Abstract: One or more characters are input into an auto-complete field. Text of a displayed list of one or more candidate items is retrieved. The text of the displayed list of the one or more candidate items is compared to a predefined candidate item. In response to the text of the displayed list of one or more candidate items not having the predefined candidate item or not being withing a defined ranking, test results are flagged where the predefined candidate item is missing from displayed list of the one or more candidate items or is not withing the defined ranking. This allows the for automated testing of the auto-complete fields.

Abstract: A watermark is generated. The generated watermark is specific to an individual owner of a media. The media may be any type of electronic media, such as, an image, a document, a movie, an audio file, a software application, and/or the like. The watermark is inserted into the media. The watermark in the media is changed when ownership of the media is changed. For example, as the media is sold to a new owner, the new owner's watermark is added to the media so that a chain of title can be verified directly from the media. In addition, the chain of title may also be verified via a blockchain.