Abstract: The estimation and visualization of a degree of change between a further edited state of code and a selected version of the code. For each of some counted added or deleted portions (e.g., code lines) of code, the system estimates that the added (or deleted) portion complies with a non-review characteristic. The added (or deleted) code lines that comply with a non-review characteristic are excluded from the estimation of the degree of change. Thus, the estimation excludes consideration of added or deleted portions that need no substantial review, while considering more substantial added or deleted portions in the estimations. The estimation is then visualize giving the developer or the reviewer a better idea of the scale of changes that has really been made since the selected version of the code.

Abstract: The estimation and visualization of a degree of change between a further edited state of code and a selected version of the code. For each of some counted added or deleted portions (e.g., code lines) of code, the system estimates that the added (or deleted) portion complies with a non-review characteristic. The added (or deleted) code lines that comply with a non-review characteristic are excluded from the estimation of the degree of change. Thus, the estimation excludes consideration of added or deleted portions that need no substantial review, while considering more substantial added or deleted portions in the estimations. The estimation is then visualize giving the developer or the reviewer a better idea of the scale of changes that has really been made since the selected version of the code.

Abstract: Systems and methods for automated selection of payloads for use in a security scan of a web application by a security scanner are described herein. More specifically, the systems and methods test potential payloads for a security scan of a given web application on a test application with known security vulnerabilities, evaluate valid response returned by this test application, determine functionally equivalent responses, group payloads based the equivalence of their valid responses, and select one or more payloads from each created group for use in the security scan of the given web application.

Abstract: Vulnerability testing tasks can be received and distributed, via a work scheduler, to computer test environments. Each of the test environments can have a detector computing component running in the environment. Each detector component can respond to receiving one of the tasks from the work scheduler by conducting a vulnerability test on an endpoint of a target, detecting results of the vulnerability test, generating output indicating the results of the vulnerability test, and sending the output to an output processor. The work scheduler can initiate dynamic scaling of the test environments by activating and deactivating test environments in response to determining that the test environments are overloaded or underloaded, respectively. Also an overall time-based limit on testing for a target can be enforced via the work scheduler.

Abstract: To protect network-based services, offering computer implemented functionality, from attacks, a passive web application firewall reactively identifies vulnerabilities, enabling such vulnerabilities to be quickly ameliorated, without intercepting communications or introducing other suboptimal aspects of traditional web application firewalls. Communications directed to the network-based services are logged and such logs are scanned for entries evidencing attacks, such as based on predetermined attack syntax. Further evaluation of the entries identified as evidencing attacks identifies a subset of those entries that correspond to likely successful attacks. Such further evaluation includes attacking the network-based service in an equivalent manner. Attacks that are found to be successful identify vulnerabilities, and a notification of such vulnerabilities is provided to facilitate amelioration of such vulnerabilities.

Abstract: To protect network-based services, offering computer implemented functionality, from attacks, a passive web application firewall reactively identifies vulnerabilities, enabling such vulnerabilities to be quickly ameliorated, without intercepting communications or introducing other suboptimal aspects of traditional web application firewalls. Communications directed to the network-based services are logged and such logs are scanned for entries evidencing attacks, such as based on predetermined attack syntax. Further evaluation of the entries identified as evidencing attacks identifies a subset of those entries that correspond to likely successful attacks. Such further evaluation includes attacking the network-based service in an equivalent manner. Attacks that are found to be successful identify vulnerabilities, and a notification of such vulnerabilities is provided to facilitate amelioration of such vulnerabilities.

Abstract: Systems and methods for automated selection of payloads for use in a security scan of a web application by a security scanner are described herein. More specifically, the systems and methods test potential payloads for a security scan of a given web application on a test application with known security vulnerabilities, evaluate valid response returned by this test application, determine functionally equivalent responses, group payloads based the equivalence of their valid responses, and select one or more payloads from each created group for use in the security scan of the given web application.