Abstract: Flaws in dependencies of deployed applications are identified. In one embodiment, a list of dependencies used by a deployed application that is deployed on the deployment platform is obtained. Each dependency of the list of dependencies is mapped with a flaws database, wherein the flaws database comprising an indication of known flaws for different dependencies and different versions thereof. Based on such mapping, one or more flaws in the deployed application are determined. The determination is performed externally to the deployment platform and without executing a monitoring process thereon.

Abstract: Described herein are methods, apparatus and systems for selectively delivering content through one of two communication channels, one being origin to client and the other being from or through a CDN to client. Thus a client may choose to request content from a CDN and/or from an origin server. This disclosure sets forth techniques for, among other things, distinguishing between which channel to use for a given object, using the CDN-client channel to obtain the performance benefit of doing so, and reverting to the origin-client channel where content may be private, sensitive, corrupted, or otherwise considered to be unsuitable from delivery from and/or through the CDN.

Abstract: Described herein are methods, apparatus and systems for selectively delivering content through one of two communication channels, one being origin to client and the other being from or through a CDN to client. Thus a client may choose to request content from a CDN and/or from an origin server. This disclosure sets forth techniques for, among other things, distinguishing between which channel to use for a given object, using the CDN-client channel to obtain the performance benefit of doing so, and reverting to the origin-client channel where content may be private, sensitive, corrupted, or otherwise considered to be unsuitable from delivery from and/or through the CDN.

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Described herein are methods, apparatus and systems for selectively delivering content through one of two communication channels, one being origin to client and the other being from or through a CDN to client. Thus a client may choose to request content from a CDN and/or from an origin server. This disclosure sets forth techniques for, among other things, distinguishing between which channel to use for a given object, using the CDN-client channel to obtain the performance benefit of doing so, and reverting to the origin-client channel where content may be private, sensitive, corrupted, or otherwise considered to be unsuitable from delivery from and/or through the CDN.

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Flaws in dependencies of deployed applications are identified. In one embodiment, a list of dependencies used by a deployed application that is deployed on the deployment platform is obtained. Each dependency of the list of dependencies is mapped with a flaws database, wherein the flaws database comprising an indication of known flaws for different dependencies and different versions thereof. Based on such mapping, one or more flaws in the deployed application are determined. The determination is performed externally to the deployment platform and without executing a monitoring process thereon.

Abstract: A system and method for static detection and categorization of information-flow downgraders includes transforming a program stored in a memory device by statically analyzing program variables to yield a single assignment to each variable in an instruction set. The instruction set is translated to production rules with string operations. A context-free grammar is generated from the production rules to identify a finite set of strings. An information-flow downgrader function is identified by checking the finite set of strings against one or more function specifications.

Abstract: Flaws in dependencies of deployed applications are identified. In one embodiment, a list of dependencies used by a deployed application that is deployed on the deployment platform is obtained. Each dependency of the list of dependencies is mapped with a flaws database, wherein the flaws database comprising an indication of known flaws for different dependencies and different versions thereof. Based on such mapping, one or more flaws in the deployed application are determined. The determination is performed externally to the deployment platform and without executing a monitoring process thereon.

Abstract: An apparatus for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The apparatus further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The apparatus further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

Abstract: A computer-implemented process for two-tier deep analysis of hypertext transport protocol data, monitors Web traffic, receives a packet of Web traffic from a network to form a received packet, wherein the received packet represents Web traffic, and stores the Web traffic temporarily to form stored Web traffic. The computer-implemented process further determines whether the Web traffic is suspicious using a first tier analysis and responsive to a determination that the Web traffic is suspicious, consumes the stored Web traffic using a deep analysis module. The computer-implemented process further determines whether the stored Web traffic is a case of misuse using a second tier analysis and responsive to a determination that the stored Web traffic is a case of misuse, feeding back data about a malicious connection to an intrusion protection system before returning to monitor the Web traffic.

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Described herein are systems, method and devices for modifying web pages to enhance their performance. In certain non-limiting embodiments, improved resource consolidation techniques are described, which are sometimes referred to herein as ‘progressive’ consolidation. Such techniques can be used to consolidate page resources in a way that allows a client browser or other application to process each of the consolidated resources after it arrives, even if all the client has not fully retrieved all of the consolidated resources yet. The teachings hereof can be used, for example, to modify a markup language document (HTML) to consolidate CSS, JavaScript, images, or other resources referenced therein.

Abstract: Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers.

Abstract: Front-end optimization (FEO) configuration information is leveraged to identify “key” resources required to load other pages on a site, and to automatically cause key resources to be prefetched to a server, and to the browser. In this approach, an FEO analyzer uses knowledge of configured optimization templates to determine the key resources required to load pages for each template. The key resources for pages belonging to other optimization templates are then selectively prefetched by other pages. In a preferred approach, the FEO analyzer provides an edge server cache process a list of key resources and instructions to prefetch the key resources, as well as instructions to rewrite the HTML of the page to include instructions for the browser to prefetech the key resources. On the client, key resources are prefetched if missing from a cache on the browser. Key resources preferably are stored in the browser's HTML5 local storage cache.

Abstract: A method and system for modifying web pages, including dynamic web pages, based on automated analysis wherein web pages are transformed based on transformation instructions in nearly real-time, and wherein analysis is performed and transformation instructions based on the analysis are prepared prior to a request for the web page. The system has two primary components, an analyzer which asynchronously and repeatedly analyzes web pages creating and updating transformation instructions relating to the web pages, and a transformer which intercepts traffic to a web server in response to a request for the web page, receives the returned web pages, and transforms them based on stored transformation instructions.

Abstract: Front-end optimization (FEO) configuration information is leveraged to identify “key” resources required to load other pages on a site, and to automatically cause key resources to be prefetched to a server, and to the browser. In this approach, an FEO analyzer uses knowledge of configured optimization templates to determine the key resources required to load pages for each template. The key resources for pages belonging to other optimization templates are then selectively prefetched by other pages. In a preferred approach, the FEO analyzer provides an edge server cache process a list of key resources and instructions to prefetch the key resources, as well as instructions to rewrite the HTML of the page to include instructions for the browser to prefetech the key resources. On the client, key resources are prefetched if missing from a cache on the browser. Key resources preferably are stored in the browser's HTML5 local storage cache.

Abstract: Flaws in dependencies of deployed applications are identified. In one embodiment, a list of dependencies used by a deployed application that is deployed on the deployment platform is obtained. Each dependency of the list of dependencies is mapped with a flaws database, wherein the flaws database comprising an indication of known flaws for different dependencies and different versions thereof. Based on such mapping, one or more flaws in the deployed application are determined. The determination is performed externally to the deployment platform and without executing a monitoring process thereon.

Abstract: Described herein are methods, apparatus and systems for selectively delivering content through one of two communication channels, one being origin to client and the other being from or through a CDN to client. Thus a client may choose to request content from a CDN and/or from an origin server. This disclosure sets forth techniques for, among other things, distinguishing between which channel to use for a given object, using the CDN-client channel to obtain the performance benefit of doing so, and reverting to the origin-client channel where content may be private, sensitive, corrupted, or otherwise considered to be unsuitable from delivery from and/or through the CDN.

Abstract: Front-end optimization (FEO) configuration information is leveraged to identify “key” resources required to load other pages on a site, and to automatically cause key resources to be prefetched to a server, and to the browser. In this approach, an FEO analyzer uses knowledge of configured optimization templates to determine the key resources required to load pages for each template. The key resources for pages belonging to other optimization templates are then selectively prefetched by other pages. In a preferred approach, the FEO analyzer provides an edge server cache process a list of key resources and instructions to prefetch the key resources, as well as instructions to rewrite the HTML of the page to include instructions for the browser to prefetech the key resources. On the client, key resources are prefetched if missing from a cache on the browser. Key resources preferably are stored in the browser's HTML5 local storage cache.