Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.

Abstract: An approach is provided that automatically classify network traffic of web applications and services based on a dynamic analysis. The approach scans a resource that corresponds to a named network application and receives, as a result of the scan, network resource identifiers that are accessed by the named network application. Network traffic between users and network resources is monitored, with the monitoring resulting in a set of visited network resource identifiers. The set of resource identifiers is found by matching the visited network resource identifiers with the network resource identifiers returned by the scan. Each of the set of resource identifiers is then matched with the named application.

Abstract: An approach is provided that automatically classify network traffic of web applications and services based on a dynamic analysis. The approach scans a resource that corresponds to a named network application and receives, as a result of the scan, network resource identifiers that are accessed by the named network application. Network traffic between users and network resources is monitored, with the monitoring resulting in a set of visited network resource identifiers. The set of resource identifiers is found by matching the visited network resource identifiers with the network resource identifiers returned by the scan. Each of the set of resource identifiers is then matched with the named application.

Abstract: An illustrative embodiment of a computer-implemented process for identifying a request invalidating a session excludes all marked logout requests of a Web application, crawls an identified next portion of the Web application and responsive to a determination, in one instance, that the state of the crawl is out of session, logs in to the Web application. The computer-implemented process further selects all crawl requests sent since a last time the crawl was in-session, excluding all marked logout requests and responsive to a determination that requests remain, crawls a selected next unprocessed request. Responsive to a determination, in the next instance, that state of the crawl is out of session and the selected request meets logout request criteria, the computer-implemented process marks the selected request as a logout request.

Abstract: Identifying sequential browsing operations includes receiving session data associated with a plurality of sessions, creating a reduced page for each page in a series of pages associated with a first session in the plurality of sessions, and creating a hash value associated with each reduced page for each page in the series of pages associated with the first session of the plurality of sessions. Responsive to a determination that the hash value of the first session is equivalent to the hash value of the second session, an associated page is identified as an equivalent page and the equivalent pages are merged to create a common sequence without a need to resend requests associated with the session data to a server.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.

Abstract: An illustrative embodiment of a computer-implemented process for identifying a request invalidating a session excludes all marked logout requests of a Web application, crawls an identified next portion of the Web application and responsive to a determination, in one instance, that the state of the crawl is out of session, logs in to the Web application. The computer-implemented process further selects all crawl requests sent since a last time the crawl was in-session, excluding all marked logout requests and responsive to a determination that requests remain, crawls a selected next unprocessed request. Responsive to a determination, in the next instance, that state of the crawl is out of session and the selected request meets logout request criteria, the computer-implemented process marks the selected request as a logout request.

Abstract: Identifying sequential browsing operations includes receiving session data associated with a plurality of sessions, creating a reduced page for each page in a series of pages associated with a first session in the plurality of sessions, and creating a hash value associated with each reduced page for each page in the series of pages associated with the first session of the plurality of sessions. Responsive to a determination that the hash value of the first session is equivalent to the hash value of the second session, an associated page is identified as an equivalent page and the equivalent pages are merged to create a common sequence without a need to resend requests associated with the session data to a server.

Abstract: An approach is provided that automatically classify network traffic of web applications and services based on a dynamic analysis. The approach scans a resource that corresponds to a named network application and receives, as a result of the scan, network resource identifiers that are accessed by the named network application. Network traffic between users and network resources is monitored, with the monitoring resulting in a set of visited network resource identifiers. The set of resource identifiers is found by matching the visited network resource identifiers with the network resource identifiers returned by the scan. Each of the set of resource identifiers is then matched with the named application.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.

Abstract: An illustrative embodiment of a computer-implemented process for identifying a request invalidating a session excludes all marked logout requests of a Web application, crawls an identified next portion of the Web application and responsive to a determination, in one instance, that the state of the crawl is out of session, logs in to the Web application. The computer-implemented process further selects all crawl requests sent since a last time the crawl was in-session, excluding all marked logout requests and responsive to a determination that requests remain, crawls a selected next unprocessed request. Responsive to a determination, in the next instance, that state of the crawl is out of session and the selected request meets logout request criteria, the computer-implemented process marks the selected request as a logout request.

Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: A computer system may identify a cryptographic application programming interface (API) call for a program. The cryptographic API call may include a first variable. The computer system may determine that the first variable is a static value. The computer system may tag the first variable. The computer system may determine that the cryptographic API call will be executed. The computer system may replace the first variable with a second variable during execution of the program. The computer system may execute the cryptographic API call with the second variable.

Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: An illustrative embodiment of a computer-implemented process for identifying a request invalidating a session excludes all marked logout requests of a Web application, crawls an identified next portion of the Web application and responsive to a determination, in one instance, that the state of the crawl is out of session, logs in to the Web application. The computer-implemented process further selects all crawl requests sent since a last time the crawl was in-session, excluding all marked logout requests and responsive to a determination that requests remain, crawls a selected next unprocessed request. Responsive to a determination, in the next instance, that state of the crawl is out of session and the selected request meets logout request criteria, the computer-implemented process marks the selected request as a logout request.

Abstract: An embodiment for tracking JavaScript actions in a rich Internet application, receives a document object model (DOM) representative of a particular page of an application at a particular time and analyzes the DOM received to identify each JavaScript action on the particular page for which each JavaScript action identified, a JavaScript action characteristics ID is calculated and stored. Responsive to a determination multiple instances of a same ID exist, collecting a list of JavaScript actions corresponding to each ID corresponding to a multiple JavaScript action and removing from memory JavaScript action entries for the multiple instances of the same ID. A neighbor influence is computed for a member of the list of JavaScript actions remaining and the JavaScript action ID calculated for the member of the list of JavaScript actions remaining is stored. Responsive to a determination there are no more multiple JavaScript actions, return all JavaScript action IDs stored.

Abstract: Embodiments are directed to computing, by an apparatus comprising a processing device, an identifier (ID) for an element in a page using an algorithm responsive to encountering the element a first time, causing, by the apparatus, the ID to be stored in a storage device, encountering, by the apparatus, the element a second time, determining, by the apparatus, that the element is encountered the second time, and responsive to determining that the element is encountered the second time, representing, by the apparatus, the element by the ID at the time of the second encounter by retrieving the ID from the storage device.