Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: Techniques to facilitate protection of web application components are disclosed herein. In at least one implementation, a plurality of web resources associated with a web applications is received. The plurality of web resources is processed to generate individual generalized code templates for each of the web resources by removing data constants and code formatting elements from the web resources. A set of the individual generalized code templates for each of the web resources is stored in a probabilistic data structure. A security web module comprising the probabilistic data structure having the set of the individual generalized code templates for each of the web resources stored therein is deployed to protect the web application.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.