Patents by Inventor Mahmud Khan

Mahmud Khan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230237161
    Abstract: The disclosed technology is generally directed to protection against XSS attacks. In one example of the technology, a framework that is associated with a web application is identified. Static code analysis of code that is associated with the web application is performed. Based on the static code analysis of the code, potential cross-site scripting attack vulnerabilities in the code are identified as follows. Encoding bypass functions of the framework in the code are identified. For each identified encoding bypass function of the framework in the code, whether the encoding bypass function has an input that originates from an unknown source and/or an untrusted source is identified. Responsive to identifying the input, information that is associated with the identified input is provided as an identified potential cross-site scripting attack vulnerability in the code.
    Type: Application
    Filed: January 26, 2022
    Publication date: July 27, 2023
    Inventors: Safwan Mahmud KHAN, Dvir SHAMAY
  • Patent number: 11657161
    Abstract: An automated tool analyzes source code repositories and web endpoints for unique characteristics that they both share in order to predict the likelihood that a particular source code repository contains source code files used in a web endpoint and to predict the likelihood that a web endpoint uses source code files of a particular repository. The unique characteristics are referred to as fingerprints and include a unique combination of public-facing entities, unique tokens, and unique DOM characteristics.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: May 23, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Michael Hendrickx, Safwan Mahmud Khan
  • Publication number: 20230129631
    Abstract: The techniques disclosed herein detect Cross-Site Request Forgery (CSRF) vulnerabilities in a web application. In some configurations, CSRF vulnerabilities are detected by analyzing the source code of the web application. Specifically, CSRF vulnerabilities are detected by determining if CSRF mitigation features of one or more frameworks are being used incorrectly or inconsistently. Some CSRF mitigation features provided by web frameworks inject capabilities into the web application, e.g. to automatically store an anti-forgery token in a cookie, copy the anti-forgery token from the cookie into an HTML form or a request header, or determine whether form submissions or request headers include the same anti-forgery token as the cookie. CSRF vulnerabilities may be detected by analyzing the source code to identify when one of these features is omitted or used incorrectly end-to-end. CSRF vulnerabilities are also detected by identifying when CSRF mitigation features of multiple web frameworks are incompatible.
    Type: Application
    Filed: October 27, 2021
    Publication date: April 27, 2023
    Inventor: Safwan Mahmud KHAN
  • Publication number: 20230122784
    Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for enabling runtime supply chain security of web applications and the discovery of active malware attacks. For example, a server is configured to receive CSP-based data from browsers executing on various clients. Such data may be received via a browser extension or via a proxy between the web applications and the browsers. Using the CSP-based data, the server generates a database of supply chain inventory. The database specifies resources that are loaded for a particular web application, along with a location from where such resources are loaded. The database further specifies a chain of dependencies between such resources. The database is analyzed to determine whether any such resources have been compromised with malware or whether clients on which such resources have been loaded have been compromised with malware. Responsive to determining such cases, action(s) may be performed to mitigate the malware.
    Type: Application
    Filed: October 8, 2021
    Publication date: April 20, 2023
    Inventors: Safwan Mahmud KHAN, Michael HENDRICKX
  • Publication number: 20220198024
    Abstract: An automated tool analyzes source code repositories and web endpoints for unique characteristics that they both share in order to predict the likelihood that a particular source code repository contains source code files used in a web endpoint and to predict the likelihood that a web endpoint uses source code files of a particular repository. The unique characteristics are referred to as fingerprints and include a unique combination of public-facing entities, unique tokens, and unique DOM characteristics.
    Type: Application
    Filed: December 22, 2020
    Publication date: June 23, 2022
    Inventors: MICHAEL HENDRICKX, SAFWAN MAHMUD KHAN
  • Publication number: 20090286568
    Abstract: A system for modifying configuration settings of a network device from a mobile phone is provided. The system includes a mobile phone configured to communicate over a local area network, and a network device coupled to the local area network. The mobile phone is configured to access a configuration menu of the network device.
    Type: Application
    Filed: April 22, 2009
    Publication date: November 19, 2009
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: Rithesh Cheriyath, Jang Lee, Mahmud Khan, Phil VonRuden
  • Publication number: 20090285153
    Abstract: A method for routing packets from a mobile network is provided. The method includes routing at a router, packets of a first type through a first internet access service over a satellite link. The router also routes packets of a second type through a second internet access service over the satellite link.
    Type: Application
    Filed: April 22, 2009
    Publication date: November 19, 2009
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: Mahmud Khan, Jang Lee