Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.

Abstract: A system includes a computing infrastructure and an application prioritization system. The computing infrastructure includes a plurality of computing devices configured to implement computing applications. The application prioritization system receives application data associated with the computing applications. A request is received for a priority of a first computing application of the computing applications compared to a second computing application of the computing applications. The application prioritization system determines, using a feedback-based machine learning model, a first priority of the first computing application and a second priority of the second computing application and an explanation of the first and second priorities. A response is provided with an indication of the larger of the first priority and second priority.

Abstract: A code repository stores source code. An insider threat detection system stores instructions for detecting code defects and criteria indicating predetermined types of code defects that, when present, are associated with intentional obfuscation of one or more functions of the source code. The insider threat detection system receives an entry of source code and detects, using the model, a set of code defects in the entry of source code. A defect type is determined for each code defect, thereby determining a set of defect types included in the entry of source code. If it is determined that each of the predetermined types of code defects indicated by the criteria is included in the determined set of defect types, the entry of source code is determined to include an insider threat.

Abstract: A system includes a computing infrastructure and an application prioritization system. The computing infrastructure includes a plurality of computing devices configured to implement computing applications. The application prioritization system receives application data associated with the computing applications. A request is received for a priority of a first computing application of the computing applications compared to a second computing application of the computing applications. The application prioritization system determines, using a feedback-based machine learning model, a first priority of the first computing application and a second priority of the second computing application and an explanation of the first and second priorities. A response is provided with an indication of the larger of the first priority and second priority and the explanation.

Abstract: Systems, computer program products, and methods are described herein for analyzing micro-anomalies in anonymized electronic data. The present disclosure is configured to import or retrieve a first data set, process the first data set to develop at least one event-outcome projection, define an outcome projection data set, import or receive a monitored user data set, anonymize the monitored user data set, define an avatar data set process the avatar data set, wherein the steps of import or receive a monitored user data set, anonymize the monitored user data set, and define an avatar data set are repeated one or more times.

Abstract: A code repository stores source code. An insider threat detection system stores instructions for detecting code defects and criteria indicating predetermined types of code defects that, when present, are associated with intentional obfuscation of one or more functions of the source code. The insider threat detection system receives an entry of source code and detects, using the model, a set of code defects in the entry of source code. A defect type is determined for each code defect, thereby determining a set of defect types included in the entry of source code. If it is determined that each of the predetermined types of code defects indicated by the criteria is included in the determined set of defect types, the entry of source code is determined to include an insider threat.

Abstract: A system includes a database, a memory, and a processor. The database stores data associated with a known security threat. The memory includes a threat model associated with a software application. The processor identifies, based on natural language processing of the data associated with the known security threat, one or more attributes of software susceptible to the known security threat. The processor also identifies, based on natural language processing of the threat model, one or more attributes of the software application. The processor additionally determines, based on a comparison between the one or more attributes of software susceptible to the known security threat and the one or more attributes of the software application, that the software application is susceptible to the known security threat. In response, the processor updates the threat model to reflect the susceptibility of the software application to the known security threat.

Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.

Abstract: Systems, computer program products, and methods are described herein for code revision impact analysis. The present disclosure is configured to generate a system map based on data received from a plurality of network devices; receive a data transmission including a text file; process the text file via a natural language processing engine, where an output of the natural language processing engine comprises a plurality of expected updates; determine, based on the system map, at least one downstream effect of the plurality of expected updates; and perform a remedial action.

Abstract: Systems, computer program products, and methods are described herein for automated detection of source code discrepancies. The present disclosure is configured to receive a data transmission including a text file and a source code file; process the source code file via a machine learning engine, where an output of the machine learning engine includes a plurality of identified updates; process the text file via a natural language processing engine, where an output of the natural language processing engine includes a plurality of expected updates; identify a difference between the plurality of identified updates and the plurality of expected updates; and perform a remedial action.

Abstract: A resource management system receives a set of application priorities. The resource management system determines, based at least in part on the received set of application priorities, a resource allocation corresponding to a proposed distribution of the computing applications and the users amongst the computing devices of a computing infrastructure. The resource management system determines, using the resource allocation, a recommended device configuration for each of the computing devices. The resource management system automatically implements the determined resource allocation using the device configuration determined for each of the computing devices.

Abstract: A prioritization system includes a memory that stores an access record with, for each of the users, an indication of a previous usage of computing applications. The memory stores a permission record with, for each of the users, an indication of the computing applications that the user is permitted to access. The memory stores user affinities that include, for each of the users, an affinity score corresponding to a predetermined ability level of the user to engage in an activity associated with one or more of the computing applications. The prioritization system determines a priority score for each of the users. In response to receiving a request for a priority of a first user of the users, the prioritization system provides a response with the priority score determined for the first user of the users.

Abstract: Systems, computer program products, and methods are described herein for analyzing micro-anomalies in anonymized electronic data. The present disclosure is configured to import or retrieve a first data set, process the first data set to develop at least one event-outcome projection, define an outcome projection data set, import or receive a monitored user data set, anonymize the monitored user data set, define an avatar data set process the avatar data set, wherein the steps of import or receive a monitored user data set, anonymize the monitored user data set, and define an avatar data set are repeated one or more times.

Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.

Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor applies a machine learning clustering algorithm to group the code fingerprints into clusters of fingerprints that share one or more features. The processor additionally determines that both the fingerprint corresponding to the first source code segment and the fingerprint corresponding to a second source code segment belong to the same cluster. In response, the processor transmits an alert to a device of an administrator, identifying the second code segment as vulnerable to a real vulnerability, where a vulnerability finding for the first code segment has been classified as the real vulnerability through external review.

Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.

Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.

Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.

Abstract: Enhancement of web browser extension analysis capabilities, such as security application analysis, is realized by encapsulating the extension with a wrapper function that defines entry and exits points within the source code of the extension. By wrapping the web browser extension in a function that defines entry and exit points, the present invention enables the use of commercial SAST tools/engines and any other application which desires to analyze the web browser extension and/or extract data therefrom. The web browser extension is programmatically analyzed to identify the entry and exit points and, in response, the wrapper function is generated that defines the entry and exits points and the web browser extension is encapsulated with the wrapper function.

Abstract: A system includes a database, a memory, and a processor. The database stores data associated with a known security threat. The memory includes a threat model associated with a software application. The processor identifies, based on natural language processing of the data associated with the known security threat, one or more attributes of software susceptible to the known security threat. The processor also identifies, based on natural language processing of the threat model, one or more attributes of the software application. The processor additionally determines, based on a comparison between the one or more attributes of software susceptible to the known security threat and the one or more attributes of the software application, that the software application is susceptible to the known security threat. In response, the processor updates the threat model to reflect the susceptibility of the software application to the known security threat.