Abstract: Methods for blind detection of computational vulnerabilities include the submission by a detecting system of potentially interpretable information to a target system; measurement of the timing characteristics of the output from the target system by the detecting system; and diagnosis of the vulnerabilities of the target system by the detecting system as based on the timing characteristics, optionally in conjunction with auxiliary data. Invented systems provide reference implementations of these methods.

Abstract: A method for detecting remote file inclusion vulnerabilities in a web application includes altering of extracted resource references from a web application, submission of altered references as HTTP requests to the web application, inspection of corresponding HTTP responses, and diagnosis of vulnerability. A computer system or systems can implement the disclosed embodiments.

Abstract: Methods for blind detection of computational vulnerabilities include the submission by a detecting system of potentially interpretable information to a target system; measurement of the timing characteristics of the output from the target system by the detecting system; and diagnosis of the vulnerabilities of the target system by the detecting system as based on the timing characteristics, optionally in conjunction with auxiliary data. Invented systems provide reference implementations of these methods.

Abstract: Methods for blind detection of computational vulnerabilities include the submission by a detecting system of potentially interpretable information to a target system; measurement of the timing characteristics of the output from the target system by the detecting system; and diagnosis of the vulnerabilities of the target system by the detecting system as based on the timing characteristics, optionally in conjunction with auxiliary data. Invented systems provide reference implementations of these methods.

Abstract: Methods for blind detection of computational vulnerabilities include the submission by a detecting system of potentially interpretable information to a target system; measurement of the timing characteristics of the output from the target system by the detecting system; and diagnosis of the vulnerabilities of the target system by the detecting system as based on the timing characteristics, optionally in conjunction with auxiliary data. Invented systems provide reference implementations of these methods.

Abstract: A method for discovering the structure, state transitions, and patterns of behavior of users of a web application includes a method for causing the web application to make HTTP requests for resources from an external supplier; capture of the requests for the external resources; extraction of meaningful data from the captured requests; and analysis to draw conclusions based on the extracted data. A system of invention provides a reference implementation of the method.

Abstract: A method for detecting remote file inclusion vulnerabilities in a web application includes altering of extracted resource references from a web application, submission of altered references as HTTP requests to the web application, inspection of corresponding HTTP responses, and diagnosis of vulnerability. A system of invention implements the method.

Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device's policy settings, and some that change one of the device's configuration files or registry.

Abstract: A database maintains security status information on each device in a network, based on whether the device's operating system, software, and patches are installed and configured to meet a baseline level of security. A network gateway proxy blocks connection attempts from devices for which the database indicates a substandard security status, but allows connections from other devices to pass normally. The database is preferably updated on a substantially real-time basis by client-side software run by each device in the network.

Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

Abstract: A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user's selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.

Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device’s policy settings, and some that change one of the device’s configuration files or registry.

Abstract: Abstract of the Disclosure A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user’s selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.

Abstract: Abstract of the Disclosure A database maintains security status information on each device in a network, based on whether the device’s operating system, software, and patches are installed and configured to meet a baseline level of security. A network gateway proxy blocks connection attempts from devices for which the database indicates a substandard security status, but allows connections from other devices to pass normally. The database is preferably updated on a substantially real-time basis by client-side software run by each device in the network.

Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

Abstract: A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user's selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.