Abstract: An example system in accordance with an aspect of the present disclosure includes a framework to demonstrate and/or train at least one live product. The framework includes a first panel associated with at least one step, and a second panel to display content and at least a portion of the at least one live product according to the at least one step. The system also includes at least one script to perform at least one task associated with the at least one step. The at least one step is performable independent of an order in which the at least one step is presented by the framework.

Abstract: Example embodiments relate to assessing dynamic security scans using runtime analysis and static code analysis. In example embodiments, a system performs static code analysis of a web application to identify reachable code and/or data entry points, where the data entry points are used to determine an attack surface size for the web application. At this stage, the system may initiate runtime monitoring for a dynamic security scan of the web application, where the runtime monitoring detects invocation of a statement at one of the data entry points. The invocation is logged as an invocation entry that comprises invocation parameters and/or code units that were executed in response to the invocation. The system may then determine an attack surface coverage of the dynamic security scan using the invocation entry and the attack surface size and/or a reachable code coverage using the invocation entry and the reachable code.

Abstract: Examples described herein include receiving a loading request of an executable file from a requester. The executable file may include original content. Examples described herein also include determining an instrumented version of the executable file to provide to the requester based on a security policy, determining an existence of the instrumented version of the executable file on a storage, and providing the instrumented version of the executable file to the requester. The instrumented version may include protective content in addition to the original content of the executable file.

Abstract: An example system in accordance with an aspect of the present disclosure includes a framework to demonstrate and/or train at least one live product. The framework includes a first panel associated with at least one step, and a second panel to display content and at least a portion of the at least one live product according to the at least one step. The system also includes at least one script to perform at least one task associated with the at least one step. The at least one step is performable independent of an order in which the at least one step is presented by the framework.

Abstract: Example embodiments relate to assessing dynamic security scans using runtime analysis and static code analysis. In example embodiments, a system performs static code analysis of a web application to identify reachable code and/or data entry points, where the data entry points are used to determine an attack surface size for the web application. At this stage, the system may initiate runtime monitoring for a dynamic security scan of the web application, where the runtime monitoring detects invocation of a statement at one of the data entry points. The invocation is logged as an invocation entry that comprises invocation parameters and/or code units that were executed in response to the invocation. The system may then determine an attack surface coverage of the dynamic security scan using the invocation entry and the attack surface size and/or a reachable code coverage using the invocation entry and the reachable code.

Abstract: A method and system for reverting a process in an in-line instrumented state to an uninstrumented state. In one embodiment, the present invention modifies selected text segment portions from the process to be uninstrumented. The present embodiment then unmaps instrumented code space such that the instrumented code space is inaccessible to the process. In this embodiment, provided an instruction pointer resides in the instrumented code space, the present invention updates the instruction pointer to uninstrumented code space. The present embodiment also executes the process and, provided the process generates a fault by seeking to access an address in instrumented code space, provides a corresponding address in uninstrumented code space. In one embodiment, the present invention then continues execution at the address in instrumented code space.

Abstract: A method and system for reverting a process in an in-line instrumented state to an uninstrumented state. In one embodiment, the present invention modifies selected text segment portions from the process to be uninstrumented. The present embodiment then unmaps instrumented code space such that the instrumented code space is inaccessible to the process. In this embodiment, provided an instruction pointer resides in the instrumented code space, the present invention updates the instruction pointer to uninstrumented code space. The present embodiment also executes the process and, provided the process generates a fault by seeking to access an address in instrumented code space, provides a corresponding address in uninstrumented code space. In one embodiment, the present invention then continues execution at the address in instrumented code space.