Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts. Some rules can be configured for detecting modification of a third party script, or modified behavior of a third party script, in an attempt to detect security monitoring activity against the script and hide its presence from the security monitoring activity.

Abstract: The disclosed technology provides for performing website anomaly tests by automatically checking whether a website is compromised by malicious code. A system can test dynamic behavior of the website indicating a functional user flow through the website. A set of rules can be applied against a log of the behavior and static code of the website to identify potential compromises. A first rule can be satisfied based on identifying patterns of plain text encodings in portions of website event data. A second rule can be applied to the portions of event data representing information transmitted from a client device to a third party device. The second rule can be satisfied based on identifying third party account information that is not included in a whitelist of allowed third party accounts information. A likelihood of potential security vulnerability can also be determined based on the first and/or second rules being satisfied.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts. Some rules can be configured for detecting modification of a third party script, or modified behavior of a third party script, in an attempt to detect security monitoring activity against the script and hide its presence from the security monitoring activity.

Abstract: A website anomaly test is performed by automatically checking that a website has not been compromised by malicious code. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. Instead of merely analyzing static code of a website, the system automatically tests the website in their runtime environments for the presence of malicious third party scripts.

Abstract: Systems and methods for monitoring webpage traffic. A web server can generate a JavaScript wrapper and wrap requested webpage code in the JavaScript wrapper. A client device in communication with the web server can receive a user request to load a webpage in a web browser, receive, from the web server, webpage code for the requested webpage that is wrapped in the JavaScript wrapper and includes an allowlist of allowed domains, execute the wrapped webpage code in the web browser, receive a domain request, identify the requested domain from the allowlist, execute the request if the domain is in the allowlist, and transmit, to the web server, run-time information associated with the domain request. The web server can determine, based on the run-time information, a frequency that the domain request was made, add the requested domain to a proposed allowlist, and generate a proposed modification to the JavaScript wrapper.

Abstract: A plurality of network sensors are configured to sense the operations of a data network and, responsive to sensing the operations of the data network, generate event data objects that record the operations of the data network. One or more decorator pipelines are configured to decorate the event data objects with data other than from operations of the data network. A security frontend is configured to generate a graphical user interface (GUI) configured to provide, to a user, query-authoring tools, receiving a query in a structured language, provide responsive to receiving the query, results to the query from historic event data that was decorated before the query was received, receive approval for the query, and later execute the query on new event data that has been decorated after the approval for the query is received.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts. Some rules can be configured for detecting modification of a third party script, or modified behavior of a third party script, in an attempt to detect security monitoring activity against the script and hide its presence from the security monitoring activity.

Abstract: A website anomaly test is performed by automatically checking that a website has not been compromised by malicious code. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. A set of rules are applied against a log of dynamic behavior of the website, as well as static code of the website, to identify potential compromise by malicious scripts.

Abstract: A website vulnerability test is performed by automatically checking that a website has not been compromised by malicious third party scripts. A system can test a dynamic behavior of a website that indicates a functional user flow through the website. Instead of merely analyzing static code of a website, the system automatically tests the website in their runtime environments for the presence of malicious third party scripts.

Abstract: A plurality of network sensors are configured to sense the operations of a data network and, responsive to sensing the operations of the data network, generate event data objects that record the operations of the data network. One or more decorator pipelines are configured to decorate the event data objects with data other than from operations of the data network. A security frontend is configured to generate a graphical user interface (GUI) configured to provide, to a user, query-authoring tools, receiving a query in a structured language, provide responsive to receiving the query, results to the query from historic event data that was decorated before the query was received, receive approval for the query, and later execute the query on new event data that has been decorated after the approval for the query is received.