Patents by Inventor Jack Lawson
Jack Lawson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230252158
Abstract: A system includes a database, a memory, and a processor. The database stores data associated with a known security threat. The memory includes a threat model associated with a software application. The processor identifies, based on natural language processing of the data associated with the known security threat, one or more attributes of software susceptible to the known security threat. The processor also identifies, based on natural language processing of the threat model, one or more attributes of the software application. The processor additionally determines, based on a comparison between the one or more attributes of software susceptible to the known security threat and the one or more attributes of the software application, that the software application is susceptible to the known security threat. In response, the processor updates the threat model to reflect the susceptibility of the software application to the known security threat.
Type: Application
Filed: February 7, 2022
Publication date: August 10, 2023
Inventors: Jack Lawson Bishop, III, Robert Hurlbut, Jason Conrad Starin
-
Publication number: 20230169164
Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor applies a machine learning clustering algorithm to group the code fingerprints into clusters of fingerprints that share one or more features. The processor additionally determines that both the fingerprint corresponding to the first source code segment and the fingerprint corresponding to a second source code segment belong to the same cluster. In response, the processor transmits an alert to a device of an administrator, identifying the second code segment as vulnerable to a real vulnerability, where a vulnerability finding for the first code segment has been classified as the real vulnerability through external review.
Type: Application
Filed: November 29, 2021
Publication date: June 1, 2023
Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
-
Publication number: 20230169177
Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.
Type: Application
Filed: November 29, 2021
Publication date: June 1, 2023
Inventors: Jack Lawson Bishop III, Anthony Herron, Yao Houkpati, Carrie E. Gates
-
Patent number: 11610000
Abstract: A system configured for identifying unpermitted data in source code receives a search query comprising particular keywords related to the unpermitted data. The system labels the source code with vulnerability factors and categories of those vulnerability factors, where the vulnerability factors indicate a security vulnerability and the categories provide information about the security vulnerability of the source code. The system performs a static analysis on the source code to identify instances of the particular keyword in a data flow and control flow of the source code. The system performs a vulnerability analysis on the source code to determine a vulnerability level of the source code, in which factor weights and category weights for each code portion of the source code are determined. The system calculates a weighted sum of the factor weights and category weights for each code portion, thereby detecting instances of unpermitted data in source code.
Type: Grant
Filed: October 7, 2020
Date of Patent: March 21, 2023
Assignee: Bank of America Corporation
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood
-
Publication number: 20230041068
Abstract: A code repository stores source code. An insider threat detection system stores instructions for detecting code defects and criteria indicating predetermined types of code defects that, when present, are associated with intentional obfuscation of one or more functions of the source code. The insider threat detection system receives an entry of source code and detects, using the model, a set of code defects in the entry of source code. A defect type is determined for each code defect, thereby determining a set of defect types included in the entry of source code. If it is determined that each of the predetermined types of code defects indicated by the criteria is included in the determined set of defect types, the entry of source code is determined to include an insider threat.
Type: Application
Filed: August 5, 2021
Publication date: February 9, 2023
Inventors: Jason Conrad Starin, Jack Lawson Bishop, III
-
Publication number: 20230030161
Abstract: A resource management system receives a set of application priorities. The resource management system determines, based at least in part on the received set of application priorities, a resource allocation corresponding to a proposed distribution of the computing applications and the users amongst the computing devices of a computing infrastructure. The resource management system determines, using the resource allocation, a recommended device configuration for each of the computing devices. The resource management system automatically implements the determined resource allocation using the device configuration determined for each of the computing devices.
Type: Application
Filed: July 27, 2021
Publication date: February 2, 2023
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Carrie E. Gates
-
Publication number: 20230031049
Abstract: A prioritization system includes a memory that stores an access record with, for each of the users, an indication of a previous usage of computing applications. The memory stores a permission record with, for each of the users, an indication of the computing applications that the user is permitted to access. The memory stores user affinities that include, for each of the users, an affinity score corresponding to a predetermined ability level of the user to engage in an activity associated with one or more of the computing applications. The prioritization system determines a priority score for each of the users. In response to receiving a request for a priority of a first user of the users, the prioritization system provides a response with the priority score determined for the first user of the users.
Type: Application
Filed: July 27, 2021
Publication date: February 2, 2023
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Carrie E. Gates
-
Publication number: 20220398129
Abstract: A system includes a computing infrastructure and an application prioritization system. The computing infrastructure includes a plurality of computing devices configured to implement computing applications. The application prioritization system receives application data associated with the computing applications. A request is received for a priority of a first computing application of the computing applications compared to a second computing application of the computing applications. The application prioritization system determines, using a feedback-based machine learning model, a first priority of the first computing application and a second priority of the second computing application and an explanation of the first and second priorities. A response is provided with an indication of the larger of the first priority and second priority and the explanation.
Type: Application
Filed: June 10, 2021
Publication date: December 15, 2022
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Carrie E. Gates
-
Publication number: 20220327218
Abstract: Systems, computer program products, and methods are described herein for dynamically performing linked security tests. The present invention may be configured to determine a fingerprint of an application, perform, in an order based on the fingerprint of the application, security test sequences on the application, parse responses of the application to the security test sequences to generate results of the security test sequences, and label, with the fingerprint, the results. The present invention may be further configured to provide, to one or more machine learning models, the labeled results to determine probabilities of applications having a same fingerprint as the fingerprint of the application failing the security test sequences, update, based on the probabilities of the applications failing the security test sequences, the order, and store, in a temporary persistent storage device and based on the updated order, the security test sequences.
Type: Application
Filed: April 13, 2021
Publication date: October 13, 2022
Applicant: BANK OF AMERICA CORPORATION
Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
-
Publication number: 20220253532
Abstract: Systems, computer program products, and methods are described herein for dynamically generating linked security tests. The present invention may be configured to perform security tests on an application, generate, based on the results of the security tests, security test sequences that include at least one security test that the application failed, perform the security test sequences on the application, and, iteratively and until the application passes each security test sequence in an iteration, generate additional security test sequences. The present invention may be further configured to provide results of the security tests and security test sequences to one or more machine learning models to generate supplementary security test sequences and determine probabilities of the application failing the supplementary security test sequences.
Type: Application
Filed: February 11, 2021
Publication date: August 11, 2022
Applicant: BANK OF AMERICA CORPORATION
Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
-
Patent number: 11366901
Abstract: A system configured for identifying insider threats in source code conducts an automated analysis designed to identify instances of insider threats. The system performs a static analysis on results from the automated analysis to identify instances of keywords related to methods and targets of insider threats, external data being used, code layering is used to obfuscate a content. The system identifies points of correlations between instances found by performing the static analysis and assigns weight values to code portions based on the number of points of correlations found in the code portions. The system identifies code portions having weight values above a threshold value, thereby detecting instances of insider threats in source code.
Type: Grant
Filed: October 7, 2020
Date of Patent: June 21, 2022
Assignee: Bank of America Corporation
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood
-
Publication number: 20220164358
Abstract: Email metadata, and in some embodiments other secondary data, is analyzed to identify users of interest defined as having knowledge or expertise in a subject matter. Specifically, a corpus of email metadata is analyzed to determine, at least, which subject matters are associated with users, which users received or transmitted subject matter-specific emails, the distribution groups to which users, and any other relevant email metadata. In additional embodiments, secondary data other than email metadata is also analyzed and used to identify the users of interest. The analyzed email metadata, and in some embodiments the secondary data, is used to render reputation indicator(s) for each user that indicate a level of knowledge/expertise that the user possesses on subject matter(s). A requester provides input criteria including the subject matter, and, in response, is presented a ranked user listing that is ranked based on the level of reputation indicator.
Type: Application
Filed: November 20, 2020
Publication date: May 26, 2022
Applicant: BANK OF AMERICA CORPORATION
Inventors: Jack Lawson Bishop, III, Amela Gjishti, Michael Ogrinz, Jason Conrad Starin
-
Publication number: 20220108010
Abstract: A system configured for identifying insider threats in source code conducts an automated analysis designed to identify instances of insider threats. The system performs a static analysis on results from the automated analysis to identify instances of keywords related to methods and targets of insider threats, external data being used, code layering is used to obfuscate a content. The system identifies points of correlations between instances found by performing the static analysis and assigns weight values to code portions based on the number of points of correlations found in the code portions.
Type: Application
Filed: October 7, 2020
Publication date: April 7, 2022
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood
-
Publication number: 20220108022
Abstract: A system configured for identifying unpermitted data in source code receives a search query comprising particular keywords related to the unpermitted data. The system labels the source code with vulnerability factors and categories of those vulnerability factors, where the vulnerability factors indicate a security vulnerability and the categories provide information about the security vulnerability of the source code. The system performs a static analysis on the source code to identify instances of the particular keyword in a data flow and control flow of the source code. The system performs a vulnerability analysis on the source code to determine a vulnerability level of the source code, in which factor weights and category weights for each code portion of the source code are determined. The system calculates a weighted sum of the factor weights and category weights for each code portion, thereby detecting instances of unpermitted data in source code.
Type: Application
Filed: October 7, 2020
Publication date: April 7, 2022
Inventors: Jack Lawson Bishop, III, Jason Conrad Starin, Kevin Dean Kirkwood
-
Publication number: 20220094683
Abstract: Enhancement of web browser extension analysis capabilities, such as security application analysis, is realized by encapsulating the extension with a wrapper function that defines entry and exit points within the source code of the extension. By wrapping the web browser extension in a function that defines entry and exit points, the present invention enables the use of commercial SAST tools/engines and any other application which desires to analyze the web browser extension and/or extract data therefrom. The web browser extension is programmatically analyzed to identify the entry and exit points and, in response, the wrapper function is generated that defines the entry and exit points and the web browser extension is encapsulated with the wrapper function.
Type: Application
Filed: September 22, 2020
Publication date: March 24, 2022
Applicant: BANK OF AMERICA CORPORATION
Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright
-
Patent number: 11144436
Abstract: Systems, computer program products, and methods are described herein for testing an application with dynamically linked security tests. The present invention may be configured to perform, using a request engine, based on the first data, and based on test protocols stored in a first data structure, a first security test on an application. The present invention may be further configured to determine, based on determining that the application failed the first security test and based on a second data structure, whether the first security test is linked to one or more other security tests, where the second data structure includes security test sequences linking security tests and/or data to transmit from the first security test to the one or more other security tests, and provide, to the first queue, one or more other security tests to which the first security test is linked.
Type: Grant
Filed: October 19, 2020
Date of Patent: October 12, 2021
Assignee: BANK OF AMERICA CORPORATION
Inventors: Jack Lawson Bishop, III, Timothy Andrew Wright, Robert Riley Zink
-
Patent number: 10589873
Abstract: Techniques for enforcing stratified aircraft security are presented. The techniques are performed using an aircraft-based authentication and authorization unit and a wireless transceiver, where the authentication and authorization unit includes an electronically stored machine learning classifier. The techniques include: receiving and verifying authentication data for an employee from a mobile access device; receiving employee data from the mobile access device, the employee data including at least information representing an access event of the employee with the aircraft; providing an input to the machine learning classifier, the input including at least aircraft data and the employee data; obtaining an output from the machine learning classifier, the output indicating a level of access authorized; and providing an alert in response to a level of access by the at least one employee for the access event exceeding the level of access authorized.
Type: Grant
Filed: April 3, 2019
Date of Patent: March 17, 2020
Assignee: THE BOEING COMPANY
Inventors: Jack Lawson, Timothy M. Mitchell, Richard P. Nguyen
-
Patent number: 10412085
Abstract: Systems and methods are provided for authenticating aircraft communications using detected difference of on board electronics. One embodiment is a method that includes detecting a request for an exchange of data between an aircraft and an off-board system, and selecting a Line Replaceable Unit (LRU) of the aircraft based on at least one parameter of the request. The method also includes issuing a challenge to a Physically Unclonable Function (PUF) connected with at least one electronic component of the LRU, and obtaining a hardware signature based on a response of the at least one electronic component of the LRU to the challenge. The PUF derives the hardware signature from a unique physical property of the at least one electronic component. The method further includes validating the hardware signature to authenticate the request and initiate the exchange of data between the aircraft and the off-board system.
Type: Grant
Filed: October 31, 2018
Date of Patent: September 10, 2019
Assignee: The Boeing Company
Inventors: Jack Lawson, Timothy M. Mitchell
-
Publication number: 20190075110
Abstract: Systems and methods are provided for authenticating aircraft communications using detected difference of on board electronics. One embodiment is a method that includes detecting a request for an exchange of data between an aircraft and an off-board system, and selecting a Line Replaceable Unit (LRU) of the aircraft based on at least one parameter of the request. The method also includes issuing a challenge to a Physically Unclonable Function (PUF) connected with at least one electronic component of the LRU, and obtaining a hardware signature based on a response of the at least one electronic component of the LRU to the challenge. The PUF derives the hardware signature from a unique physical property of the at least one electronic component. The method further includes validating the hardware signature to authenticate the request and initiate the exchange of data between the aircraft and the off-board system.
Type: Application
Filed: October 31, 2018
Publication date: March 7, 2019
Inventors: Jack Lawson, Timothy M. Mitchell
-
Patent number: 10148653
Abstract: Systems and methods are provided for authenticating aircraft communications using detected difference of on board electronics. One embodiment is a method that includes detecting a request for an exchange of data between an aircraft and an off-board system, and selecting a Line Replaceable Unit (LRU) of the aircraft based on at least one parameter of the request. The method also includes issuing a challenge to a Physically Unclonable Function (PUF) connected with at least one electronic component of the LRU, and obtaining a hardware signature based on a response of the at least one electronic component of the LRU to the challenge. The PUF derives the hardware signature from a unique physical property of the at least one electronic component. The method further includes validating the hardware signature to authenticate the request and initiate the exchange of data between the aircraft and the off-board system.
Type: Grant
Filed: December 14, 2016
Date of Patent: December 4, 2018
Assignee: The Boeing Company
Inventors: Jack Lawson, Timothy M. Mitchell