Abstract: Techniques are described for a model-based process to validate build integrity of software products. A build integrity validation system generates a build artifact model including one or more software components extracted from a build artifact resulting from a software build process of source code and generates a source code including one or more software components extracted from the source code. The system compares the software components of the build artifact model and the software components of the source code model, and identifies at least one discrepancy between the build artifact model and the source code model. The system determines a level of risk associated with the at least one discrepancy and, in response to determining the level of risk associated with the at the least one discrepancy, generates a decision indicating whether the at least one build artifact is approved for use in a software product.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may configured to predict vulnerabilities of proposed configurations for the RTAP systems. For example, the device may train one or more machine learning models with a first plurality of configuration settings of application protection systems corresponding to a plurality of applications and a first plurality of known vulnerabilities corresponding the first plurality of configuration settings; apply the one or more machine learning models to a proposed configuration setting to predict one or more potential vulnerabilities of the proposed configuration setting; and identify one or more configuration changes to the proposed configuration setting to overcome the predicted one or more potential vulnerabilities.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may be configured to monitor the RTAP systems. For example, the device may monitor network traffic to one or more application protection systems having one or more configuration settings; identify an attack in the network traffic that is blocked by a first application protection system having a first configuration setting; test the one or more configuration settings of the one or more application protection systems to determine whether each of the other application protection systems is configured to block the attack; in response to a determination being that at least one of the application protection systems is not configured to block the attack, generate an alert corresponding to an attack signature of the attack.

Abstract: A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may monitor or test the configuration settings of the RTAP systems, network traffic into the RTAP systems, and/or log information from the RTAP systems. For example, the device may detect drift in a configuration for a particular RTAP system by comparing the configuration settings of the RTAP systems to baseline configuration settings and classifying any detected drift as good drift or bad drift. In some examples, the device may maintain the configuration settings or set the configuration settings as the baseline configuration settings when the configurations settings include good drift from the baseline configuration settings. In other examples, the device may set the configuration settings with the bad drift to the baseline configuration settings.

Abstract: A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may monitor or test the configuration settings of the RTAP systems, network traffic into the RTAP systems, and/or log information from the RTAP systems. For example, the device may detect drift in a configuration for a particular RTAP system by comparing the configuration settings of the RTAP systems to baseline configuration settings and classifying any detected drift as good drift or bad drift. In some examples, the device may maintain the configuration settings or set the configuration settings as the baseline configuration settings when the configurations settings include good drift from the baseline configuration settings. In other examples, the device may set the configuration settings with the bad drift to the baseline configuration settings.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may be configured to identify risks of the RTAP systems. For example, the device may compare a plurality of attack signatures, from configuration settings of an application protection system to a plurality of defects from a defect data store; determine that at least one configuration setting of the application protection system corresponding to an application does not include protections for at least one defect of the plurality of defects; and in response to determine that the at least one configuration setting of the application protection system does not include protections for the at least one defect, generate an alert corresponding to the at least one defect.

Abstract: A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.

Abstract: A method for identifying security vulnerabilities in a third party software component includes generating a test application for the third party software component. The test application is generated such that every externally accessible data path in the third party component is called. The test application and the third party software component are analyzed using a static application security testing (SAST) code analyzer. One or more test results are obtained from the SAST code analyzer. The one or more test results are used to identify security vulnerabilities in the third party component.