Abstract: Systems and methods for protection against session stealing is described. In embodiments of the present solution, a device intermediary to the client and the server may identify first properties of the client and associate the first properties with the session key. When the device receives subsequent request comprising the session key, the device matches the associated first properties with second properties of the second device that is sending the subsequent request. If there is a match, the subsequent request transmitted to the server. Otherwise, the subsequent request is rejected.

Abstract: A system for automatically identifying broken authentication and other related vulnerabilities in web services are disclosed. The system includes an emulating module, a first database, a second database, a tampering module and a response analysis module. The emulating module is configured to run web service with (a) a first credential, and (b) a second credential to obtain first and second parameters. The first database and the second database is configured to store (i) the first session identifying parameters, (ii) the first request, and, (iii) the first response, (iv) the second session identifying parameters, (v) the second request, and (vi) the second response. The tampering module is configured to receive (a) the first and the second request from the first and the second database. The response analysis module is configured to receive (a) the third response from the tampering module.

Abstract: A system for automatically generating an attacker application to perform vulnerability analysis on a victim application is disclosed. The system includes a memory unit, a processor that executes the set of modules. The set of modules includes a victim application permissions reading module, a permission obtaining module, a configuration file updating module, and a targeted attacker application creation module. The permission obtaining module is configured to obtain a list of permissions to exploit the victim application based on the list of permissions. The configuration file updating module is configured to update a configuration file of a template attacker application with the list of permissions to generate an attacker application that is specific to the victim application. The targeted attacker application creation module is configured to create the attacker application based on the list of permissions to attack the victim application.

Abstract: Systems and methods for protection against session stealing is described. In embodiments of the present solution, a device intermediary to the client and the server may identify first properties of the client and associate the first properties with the session key. When the device receives subsequent request comprising the session key, the device matches the associated first properties with second properties of the second device that is sending the subsequent request. If there is a match, the subsequent request transmitted to the server. Otherwise, the subsequent request is rejected.