Abstract: An attack upon a web interface is detected in real-time. The web interface is one of many web interfaces across many ports across many computer systems within a network. Data on the attack is gathered. The attack data includes traffic data. Variants of the attack are determined based on data of the attack. The variants are selected from a predetermined set of attack variants. The attacked interface is scanned with the selected attack variants. The web interface is identified as vulnerable to at least one variant of the attack. In response to this identification, the attack is responded to without human intervention.

Abstract: Synchronizing requests with a respective context includes, responsive to a determination that there are more pages to explore, performing regular crawling operations for a current page, recording a current page in a list of explored pages and extracting links from the current page. Responsive to a determination that there are more links to extract, a next link to analyze is selected to form a selected link and responsive to a determination that there is a new request associated with the selected link, a new request identifier is created and saved as an entry in a hashmap. Responsive to a determination that there is not a new request associated with selected link, a request associated with the selected link is updated with a new link value when the link value differs.

Abstract: Identifying unvisited portions of visited information to visit includes receiving information to crawl, wherein the information is representative of one of web based information and non-web based information, computing a locality sensitive hash (LSH) value for the received information, and identifying a most similar information visited thus far. Identifying unvisited portions of visited information further includes determining whether the LSH of the received information is equivalent to most similar information visited thus far and, responsive to a determination that the LSH of the received information is not equivalent to most similar information visited thus far, identifying a visited portion of the received information using information for most similar information visited thus far and crawling only unvisited portions of the received information.

Abstract: Identifying unvisited portions of visited information to visit includes receiving information to crawl, wherein the information is representative of one of web based information and non-web based information, computing a locality sensitive hash (LSH) value for the received information, and identifying a most similar information visited thus far. Identifying unvisited portions of visited information further includes determining whether the LSH of the received information is equivalent to most similar information visited thus far and, responsive to a determination that the LSH of the received information is not equivalent to most similar information visited thus far, identifying a visited portion of the received information using information for most similar information visited thus far and crawling only unvisited portions of the received information.

Abstract: An illustrative embodiment of automated application decomposition generates a set of information specific to an application by one or more external tools. Predefined heuristics and corresponding predefined conclusions, categorized corresponding to one or more external tool domains, are applied to the set of information to produce an intermediate result. The intermediate result is converted into a set of conclusions about factors, representative of the application, used in application decomposition. The set of conclusions is exported and used to generate a model of the application. The model is a starting point for identification of threats and weaknesses specific to the application.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: A method for identifying client states, receives a set of paths representative of a document object model (DOM) associated with a web page of a rich internet application and for each path in the set of paths received, extracts a subtree, as subtree X, for a current path. The method traverses all known sub-paths under the current path and delete corresponding subtrees from subtree X and reads contents of and determines states of subtree X to form a state X. The state X is added to a set of current states and responsive to a determination no more paths exist, returns the set of current states of the rich internet application.

Abstract: Embodiments relating to a computer-implemented process, an apparatus and a computer program product is provided for crawling rich Internet applications. In one aspect the method includes executing an event in a set of events discovered in a state exploration phase according to a predetermined priority of events in each set of events in the sets of events discovered, wherein the event from a higher priority is exhausted before an event from a lower priority is executed and determining any transitions. Responsive to a determination that there are at least one transition any remaining set of events is executed in a transition exploration phase. In addition the method determines the existence of any new states as a result of executing an event in the set of events and returns to the state exploration phase, responsive to a determination that a new state exists.

Abstract: Identifying equivalent JavaScript events includes receiving source code containing two JavaScript events for equivalency analysis, extracting an HTML element containing an event from each JavaScript event and analyzing the extracted HTML elements. Responsive to a determination that the HTML elements are of a same type according to equivalency criteria B, and responsive to a determination that the HTML elements have a same number of attributes according to equivalency criteria C, a determination is made whether JavaScript function calls of each JavaScript event are similar according to equivalency criteria A. Responsive to a determination that the JavaScript function calls are similar according to equivalency criteria A, and responsive to a determination that the other attributes of the HTML elements satisfy equivalency criteria D, the JavaScript events are identified as equivalent.

Abstract: A mechanism is provided for identifying parameter and name/value pair separators within two or more strings of data. The identifying is performed by selecting at least one name/value pair separator candidate from the two or more strings of data, and filtering the at least one name/value pair separator candidate using one or more rules, thereby removing any of the name/value pair separator candidates that do not conform to any of the one or more rules. The identifying additionally includes selecting at least one parameter separator candidate from the two or more strings of data, and filtering the at least one parameter separator candidate using one or more rules, thereby removing any of the at least one parameter separator candidates that do not conform to any of the one or more rules. The result is a set of tuples that includes a name/value separator candidate, and a parameter separator candidate.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: An illustrative embodiment of a computer-implemented process for security scanning using entity history responsive to a determination that a set of vulnerabilities exist for a selected security entity, tests the selected entity using a vulnerability set selected from an issues history and responsive to a determination that all vulnerabilities are not found, determining whether more vulnerabilities sets exist. Responsive to a determination that more vulnerabilities sets exist, obtains a next set of vulnerabilities and tests the selected security entity using another vulnerability set selected from the issues history. Responsive to a determination that a set of vulnerabilities does not exist for the selected security entity, performs a full scan of the selected security entity and responsive to a determination that security issues are identified, records the security issues identified in the issues history.

Abstract: An embodiment for tracking JavaScript actions in a rich Internet application, receives a document object model (DOM) representative of a particular page of an application at a particular time and analyzes the DOM received to identify each JavaScript action on the particular page for which each JavaScript action identified, a JavaScript action characteristics ID is calculated and stored. Responsive to a determination multiple instances of a same ID exist, collecting a list of JavaScript actions corresponding to each ID corresponding to a multiple JavaScript action and removing from memory JavaScript action entries for the multiple instances of the same ID. A neighbor influence is computed for a member of the list of JavaScript actions remaining and the JavaScript action ID calculated for the member of the list of JavaScript actions remaining is stored. Responsive to a determination there are no more multiple JavaScript actions, return all JavaScript action IDs stored.

Abstract: Identifying parameter and name/value pair separators within two or more strings of data. The identifying is performed by selecting at least one name/value pair separator candidate from the two or more strings of data, and filtering the at least one name/value pair separator candidate using one or more rules, thereby removing any of the name/value pair separator candidates that do not conform to any of the one or more rules. The identifying additionally includes selecting at least one parameter separator candidate from the two or more strings of data, and filtering the at least one parameter separator candidate using one or more rules, thereby removing any of the at least one parameter separator candidates that do not conform to any of the one or more rules. The result is a set of tuples that includes a name/value separator candidate, and a parameter separator candidate.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.

Abstract: A mechanism is provided for identifying parameter and name/value pair separators within two or more strings of data. The identifying is performed by selecting at least one name/value pair separator candidate from the two or more strings of data, and filtering the at least one name/value pair separator candidate using one or more rules, thereby removing any of the name/value pair separator candidates that do not conform to any of the one or more rules. The identifying additionally includes selecting at least one parameter separator candidate from the two or more strings of data, and filtering the at least one parameter separator candidate using one or more rules, thereby removing any of the at least one parameter separator candidates that do not conform to any of the one or more rules. The result is a set of tuples that includes a name/value separator candidate, and a parameter separator candidate.

Abstract: A computer-implemented process, computer program product, and apparatus for identifying session identification information. A recording is initiated and an operation sequence of interest is performed while recording and the recording ceases. Responsive to a determination that the operation sequence of interest was successful, information from the operation sequence of interest is saved as recorded information and responsive to a determination that a same operation sequence of interest was recorded, the recorded information from each operation sequence of interest is compared. Differences in the recorded information are identified to form identified differences and a session identifier is constructed using the identified differences.

Abstract: Embodiments are directed to computing, by an apparatus comprising a processing device, an identifier (ID) for an element in a page using an algorithm responsive to encountering the element a first time, causing, by the apparatus, the ID to be stored in a storage device, encountering, by the apparatus, the element a second time, determining, by the apparatus, that the element is encountered the second time, and responsive to determining that the element is encountered the second time, representing, by the apparatus, the element by the ID at the time of the second encounter by retrieving the ID from the storage device.

Abstract: Embodiments are directed to computing, by an apparatus comprising a processing device, an identifier (ID) for an element in a page using an algorithm responsive to encountering the element a first time, causing, by the apparatus, the ID to be stored in a storage device, encountering, by the apparatus, the element a second time, determining, by the apparatus, that the element is encountered the second time, and responsive to determining that the element is encountered the second time, representing, by the apparatus, the element by the ID at the time of the second encounter by retrieving the ID from the storage device.