Abstract: A method includes processing computer readable code as the computer readable code is being written in a development environment to identify at least one error in the computer readable code. The method also includes searching a database for user profile information indicative of a training sequence performed by a user and a competence level assigned to the user. The competence level is based on a quantity of tasks included in the training sequence performed by the user free from error. The method also includes causing a graphical user interface to be displayed. The graphical user interface includes a concurrent display of the computer readable code having the at least one error, a preview of the computer readable code free from having the at least one error, and a remediation suggestion to correct the at least one error in the computer readable code based on the competence level.

Abstract: A method includes processing computer readable code viewable by way of a user interface to determine whether the computer readable code is in compliance with one or more guidelines. The one or more guidelines include at least one rule and one or more of a hint to correct the computer readable code based on a determination that the computer readable code is non-compliant, one or more compliance levels based on a degree or risk of non-compliance, a category of the at least one rule, a remediation to correct the computer readable code based on the determination that the computer readable code is non-compliant, or a message indicative of a training sequence associated with the at least one rule. The method also includes causing the at least one of the hint, the one or more compliance levels, the remediation or the message to be displayed by way of the user interface.

Abstract: A method includes processing computer readable rule code to generate one or more guidelines, the computer readable rule code being viewable by way of a user interface. The one or more guidelines include at least one rule and one or more of a hint to correct computer readable application code if the computer readable application code is non-compliant, one or more compliance levels, a category of the at least one rule, a remediation to correct the computer readable application code, or a message indicative of a training sequence associated with the at least one rule. The method also includes causing the at least one of the hint, the one or more compliance levels, the remediation or the message to be displayed by way of the user interface and updated based on one or more changes made to the computer readable rule code.

Abstract: A method includes processing computer readable code as the computer readable code is being written in a development environment to identify at least one error in the computer readable code. The method also includes searching a database for user profile information indicative of a training sequence performed by a user and a competence level assigned to the user. The competence level is based on a quantity of tasks included in the training sequence performed by the user free from error. The method also includes causing a graphical user interface to be displayed. The graphical user interface includes a concurrent display of the computer readable code having the at least one error, a preview of the computer readable code free from having the at least one error, and a remediation suggestion to correct the at least one error in the computer readable code based on the competence level.

Abstract: A method includes identifying an error in computer readable code and identifying a user profile associated with a development environment used to generate the computer readable code. The method also includes searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile. The method further includes identifying a type of the error identified in the computer readable code and comparing the type of the error with one or more properties associated with the training sequence. The method additionally includes calculating a severity of the error based on the comparison with the one or more properties associated with the training sequence, and assigning a competence level to the user associated with the user profile based on the calculated severity. The method further includes generating a remediation suggestion to correct the error in the computer readable code based on the competence level.

Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.

Abstract: A method includes identifying an error in computer readable code and identifying a user profile associated with a development environment used to generate the computer readable code. The method also includes searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile. The method further includes identifying a type of the error identified in the computer readable code and comparing the type of the error with one or more properties associated with the training sequence. The method additionally includes calculating a severity of the error based on the comparison with the one or more properties associated with the training sequence, and assigning a competence level to the user associated with the user profile based on the calculated severity. The method further includes generating a remediation suggestion to correct the error in the computer readable code based on the competence level.

Abstract: A non-transitory processor-readable medium stores code that represents instructions that, when executed at a processor, cause the processor to access an attack description; intercept a data set from an application via an application programming interface (API), where the intercepted data set is based on an attack data set and where the attack data set is used to test for a security vulnerability in the application; correlate, using a Hamming distance, the intercepted data set with the attack description using a correlation type identifier; and report the security vulnerability for the application in response to the intercepted data set based at least in part on a result of the correlation.

Abstract: Example embodiments disclosed herein relate to determining whether a protective measure meeting criteria has been performed on data. Execution of an application under test (AUT) is monitored. A message that a field of the AUT should be considered sensitive is received. Data is determined to be entered into the field. The data is monitored during execution of the AUT to determine whether the protective measure that meets the criteria has been performed on the data.

Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.

Abstract: Example embodiments disclosed herein relate to determining a secure activity of an application under test (AUT). Execution of an application under test is monitored. During an attack vector, an application programming interface associated with a secure activity is determined. A message is sent to a security test that secure activity occurred.

Abstract: Example embodiments disclosed herein relate to an approach for installing a runtime agent during a security test. A security test is initiated or performed on an application under test executing on a server. An application vulnerability associated with the application under test is determined. The application vulnerability is exploited to install the runtime agent on the server. The security test is continued using the runtime agent to receive additional information about the application under test.

Abstract: Example embodiments disclosed herein relate to determining permissible activity in an application. Application programming interfaces (APIs) of an application are monitored using a runtime agent. Information about the APIs is provided to a rules engine. A set of rules describing permissible activity is received from the rules engine.

Abstract: Example embodiments disclosed herein relate to a security test. A crawl of an application under test (AUT) is performed to determine an attack surface using crawl sessions. One or more parameters of the attack surface are probed during the respective crawl sessions. A trace is requested from an observer for the probe of the one or more parameters. Attack suggestions are received from the observer based on the trace of the one or more parameters.

Abstract: Example embodiments disclosed herein relate to actively modify execution at runtime of an application under test (AUT). The AUT is executed using a real-time modifier. A security test is performed on the AUT. Execution of the AUT is modified at a decision point.

Abstract: Example embodiments disclosed herein relate to modifying execution of an application under test to act as if a user is a power user. The application under test is hosted in a real-time modifier. A security crawl is performed on the application under test logged in as the user. The user is treated as a power user.

Abstract: Example embodiments disclosed herein relate to determining whether a protective measure meeting criteria has been performed on data. Execution of an application under test (AUT) is monitored. A message that a field of the AUT should be considered sensitive is received. Data is determined to be entered into the field. The data is monitored during execution of the AUT to determine whether the protective measure that meets the criteria has been performed on the data.

Abstract: Example embodiments disclosed herein relate to determining a secure activity of an application under test (AUT). Execution of an application under test is monitored. During an attack vector, an application programming interface associated with a secure activity is determined. A message is sent to a security test that secure activity occurred.

Abstract: Example embodiments disclosed herein relate to determining permissible activity in an application. Application programming interfaces (APIs) of an application are monitored using a runtime agent. Information about the APIs is provided to a rules engine. A set of rules describing permissible activity is received from the rules engine.

Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.