Abstract: Systems, methods, and computer media for securing software applications are provided herein. By recording path data representing interactions between an application and other components, it can be determined what data an attacker has received by the time malicious activity is detected. During a session with an application, queries made to a dataset by the application can be recorded. After the session is found to be malicious, the session is transferred to a cloned application session in which access to the dataset is blocked. Based on the recorded queries, an alternative dataset for queries made in the cloned application session is generated that includes a subset of the original dataset, thus limiting future queries of the attacker in the cloned application session to data already received before the malicious activity was detected.

Abstract: Systems, methods, and computer media for securing data accessible through software applications are provided herein. By capturing path data such as returned results for a query and displayed results provided by an application (e.g., to or by a web browser) for an operation, it can be determined if the query returned more data than was needed for what was displayed. The query can be refined to limit the data returned and reduce the security risk of such over-provisioning of data.

Abstract: Systems, methods, and computer media for securing data accessible through software applications are provided herein. By capturing path data such as returned results for a query and displayed results provided by an application (e.g., to or by a web browser) for an operation, it can be determined if the query returned more data than was needed for what was displayed. The query can be refined to limit the data returned and reduce the security risk of such over-provisioning of data.

Abstract: Systems, methods, and computer media for securing software applications are provided herein. By recording path data representing interactions between an application and other components, it can be determined what data an attacker has received by the time malicious activity is detected. During a session with an application, queries made to a dataset by the application can be recorded. After the session is found to be malicious, the session is transferred to a cloned application session in which access to the dataset is blocked. Based on the recorded queries, an alternative dataset for queries made in the cloned application session is generated that includes a subset of the original dataset, thus limiting future queries of the attacker in the cloned application session to data already received before the malicious activity was detected.