Abstract: The proposed systems and methods apply natural language processing to identify implicit security requirements flowing from input text narratively describing desired features for a software project. These systems and methods can identify hidden security requirements that may not be readily apparent from the features described in the input text. For example, a story may include a feature of a return URL (Uniform Resource Locator), which is the URL for the website to which a user will be redirected. A security vulnerability that would not be obvious from this feature is that a user might be directed to an attacker controlled site instead of the originally intended site. A security requirement that could counteract this vulnerability would be to include the feature of verifying all redirects go to Whitelisted Sites.

Abstract: A code remediation system accesses a programming code including vulnerabilities such as potential secrets and remediates at least a subset of the potential secrets to generate modified programming code wherein the subset of potential secrets which are determined to be actual secrets are replaced with access mechanisms to storage locations on a vault wherein the actual secrets are secured. To identify the subset of potential secrets forming the actual secrets to be remediated, the code remediation system is configured to filter out false positives among the potential secrets and identify true positives. When an application executing the modified code encounters an access mechanism, it accesses the vault to retrieve the actual secrets.

Abstract: Systems and methods are provided for the classification of identified security vulnerabilities in software applications, and their automated triage based on machine learning. The disclosed system may generate a report listing detected potential vulnerability issues, and extract features from the report for each potential vulnerability issue. The system may receive policy data and business rules, and compare the extracted features relative to such data and rules. The system may determine a token based on the source code of a potential vulnerability issue, and a vector based on the extracted features of a potential vulnerability issue and based on the token. The system may select a machine learning modelling method and/or an automated triaging method based on the vector, and determine a vulnerability accuracy score based on the vector using the selected method.

Abstract: A device may receive contextual data, computational data, experiential data, and industry data associated with software code, and may receive detected vulnerabilities data identified by a scanning model based on the software code and software code metadata of the computational data. The device may process the contextual data, the computational data, and the experiential data, with a contextual identification model, to determine a set of rules and a set of actions, and may enrich, via an enrichment model, the industry data with the experiential data to generate enriched industry data. The device may process the software code metadata, the detected vulnerabilities data, and the enriched industry data, with a correlation model, to generate analysis data, and may process the analysis data and the set of rules, with a security model, to confirm security issues associated with the software code. The device may perform one of the set of actions based on the security issues.

Abstract: Systems and methods are provided for the classification of identified security vulnerabilities in software applications, and their automated triage based on machine learning. The disclosed system may generate a report listing detected potential vulnerability issues, and extract features from the report for each potential vulnerability issue. The system may receive policy data and business rules, and compare the extracted features relative to such data and rules. The system may determine a token based on the source code of a potential vulnerability issue, and a vector based on the extracted features of a potential vulnerability issue and based on the token. The system may select a machine learning modelling method and/or an automated triaging method based on the vector, and determine a vulnerability accuracy score based on the vector using the selected method.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: Systems and method of the present invention provide for one or more server computers configured to identify, within a database transaction log, a dynamic website content in a database and a command modifying the dynamic website content, write the dynamic website content and the command modifying the dynamic website content to a website repository as a delta, receive a request to reverse the command modifying the dynamic website content, identify, within the delta, the command modifying the dynamic website content, and generate and execute a database query configured to reverse the command modifying the dynamic website content.

Abstract: A system includes a server computer configured to host a plurality of web pages. A scanner is configured to scan the plurality of web pages to identify malicious links contained in the plurality of web pages. A proxy server is configured to filter the malicious links from content of the plurality of web pages served from the server computer to a user in response to a request from the user.

Abstract: A system and method for verifying content distributed by a distributed authority system over a communications network are presented. In step a) software content is requested from a distribution center communicatively coupled to the communications network, and in step b) a package is received from the distribution center. The package includes at least a manifest and the software content. In step c) at least one certificate is accessed to analyze the package to verify a chain of certificates associated with the package back to an intermediary root certificate, and in step d) at least one of the manifest and the software content is analyzed to verify the package as corresponding to the software content requested from the distribution center. In step e), if step c) or step d) fail to verify, processing of the software package is discontinued, otherwise access to the software content is permitted.

Abstract: A system and method for verifying content distributed by a distributed authority system over a communications network are presented. In step a) software content is requested from a distribution center communicatively coupled to the communications network, and in step b) a package is received from the distribution center. The package includes at least a manifest and the software content. In step c) at least one certificate is accessed to analyze the package to verify a chain of certificates associated with the package back to an intermediary root certificate, and in step d) at least one of the manifest and the software content is analyzed to verify the package as corresponding to the software content requested from the distribution center. In step e), if step c) or step d) fail to verify, processing of the software package is discontinued, otherwise access to the software content is permitted.

Abstract: One embodiment of a system of the present invention for discovering sensitive information on computer network includes means for discovering databases on a computer network, means for defining a pattern for a data discovery, means for discovering qualifying records by matching the pattern with field names and/or record values in the databases, means for sending electronic notification to a database administrator managing the qualifying database, means for receiving a selection choice from the database administrator managing the qualifying database identifying the status for the qualifying records.

Abstract: One embodiment of a method of the present invention for discovering sensitive information on computer network provides for discovering databases on a computer network, defining a pattern for a data discovery, discovering qualifying records by matching the pattern with field names and/or record values in the databases, sending electronic notification to a database administrator managing the qualifying database, receiving a selection choice from the database administrator managing the qualifying database identifying the status for the qualifying records.

Abstract: An exemplary system for detecting and preventing voice data leakage may comprise one or more servers running a packet payload converter module, a transcript generator module, and a detection logic module. The packet payload converter module may receive VoIP packets, convert them to a digital audio file, and write the digital audio file to a media database. The transcript generator module may read the digital audio file from the media database, convert it to a text file, and write the text file to a transcript database. The detection logic module may read the text file from the transcript database, parse it into a plurality of keywords, determine whether the plurality of keywords contain one or more target keyword, and, if so, transmit a report to an events database.

Abstract: One embodiment of a method of the present invention for discovering sensitive information on computer network provides for discovering databases on a computer network, defining a pattern for a data discovery, discovering qualifying records by matching the pattern with field names and/or record values in the databases, sending electronic notification to a database administrator managing the qualifying database, receiving a selection choice from the database administrator managing the qualifying database identifying the status for the qualifying records.

Abstract: One embodiment of a system of the present invention for discovering sensitive information on computer network includes means for discovering databases on a computer network, means for defining a pattern for a data discovery, means for discovering qualifying records by matching the pattern with field names and/or record values in the databases, means for sending electronic notification to a database administrator managing the qualifying database, means for receiving a selection choice from the database administrator managing the qualifying database identifying the status for the qualifying records.