Abstract: This invention presents Application software driven Data in Use security risk reduction, by selectively protecting Application sensitive data, resetting Keys post breach, and minimizing Ciphertext exposure. Both sensitive data detection and protection are disclosed. Sensitive data detection includes direct lexical scan and indirect intermediate variables value capture. Protection includes Non-Invasive and Invasive Mitigation. Non-Invasive Mitigation discloses code Front & Tail Trimming, Secure Wipe, and code line gap determined encryption (after last use) & decryption (before next use). Invasive Mitigation discloses a total code redesign using dependency graphs, a local code lines swap, and a global code lines collapse. Single machine job shop scheduling results are upheld with I/O library serialization, within Application development environment. Shuffle (unshuffled) algorithm(s) for data masking (unmasking) are disclosed.

Abstract: This disclosure relates to a method and device for software risk management within an IT infrastructure. The method includes computing security risk factors for a plurality of software components based on available executables for the plurality of software components. A set of software components are identified from the plurality of components, such that, a security risk factor for each of the set of software components is greater than a predefined threshold. Thereafter, a compensating control is activated for at least one of the set of software components, when a compensating control mechanism is available for each of the at least one software component and the compensating control mechanism satisfies control criteria. The method includes dynamically deploying at least one continuous monitoring tool satisfying monitoring criteria, to monitor each of at least one remaining software component, for which compensating control mechanism is not available, for a predefined duration.

Abstract: This disclosure relates to a method and device for software risk management within an IT infrastructure. The method includes computing security risk factors for a plurality of software components based on available executables for the plurality of software components. A set of software components are identified from the plurality of components, such that, a security risk factor for each of the set of software components is greater than a predefined threshold. Thereafter, a compensating control is activated for at least one of the set of software components, when a compensating control mechanism is available for each of the at least one software component and the compensating control mechanism satisfies control criteria. The method includes dynamically deploying at least one continuous monitoring tool satisfying monitoring criteria, to monitor each of at least one remaining software component, for which compensating control mechanism is not available, for a predefined duration.

Abstract: This disclosure relates generally to software performance testing, and more particularly to a system and method for steady state performance testing of a multiple output software system. According to one exemplary embodiment, a processor-implemented performance test for steady-state determination method is described. The method may include executing, via one or more hardware processors, a performance test of a web-based application, calculating, via the one or more hardware processors, a plurality of output metrics based on the performance test, determining, via the one or more hardware processors, whether each of the output metrics has achieved steady state within micro, macro, and global initial time windows, and providing an overall steadiness indication based on the determination of whether each of the output metrics has achieved steady state within the micro, macro, and global time windows.

Abstract: Embodiments of the present disclosure relate to methods and systems for hybrid testing, combining the optimization features of functional testing brought forth to security testing. One disclosed method may include receiving a list of input points associated with a software unit under test and assigning, by a processor, risk values to the input points based on one or more risk rating factors. The risk values may reflect security risk associated with the input points. The method may further include providing, to the software unit under test, input values indicative of a functional test for input points assigned values reflecting a low security risk and input values indicative of a security test for input points assigned values reflecting a high security risk. The method may further include executing a security test for the software unit under test using the input values.

Abstract: This disclosure relates generally to application development, and more particularly to systems and methods for fixing software defects in a binary or executable file. In one embodiment, a software defect management system is disclosed, comprising: a processor; and a memory disposed in communication with the processor and storing processor-executable instructions comprising instructions for: obtaining an application programming interface call for a black-box software application; determining whether the black-box software application is configured in a defective manner to process the application programming interface call; identifying a call processing application to process the application programming interface call, based on determining whether the black-box software application is configured in a defective manner to process the application programming interface call; and providing the application programming interface call for the identified call processing application.

Abstract: In one embodiment, a method of testing a software is disclosed. The method comprises: providing an input event to the software under test, wherein the software under test is associated with a time delay between an input event and an output event; identifying one or more discrete time instances based on the time delay between the input event and the output event; and testing the software under test by synthetically setting a clock to the one or more discrete time instances.

Abstract: This technology obtains requirements data on types of requirements for a project. Next, each conflict between one of the requirements in one of the types of requirements and one of the requirements in another one of the types of requirements is identified. In each of the identified conflicts one of the one of the requirements in one of the types of requirements or the one of the requirements in another one of the types of requirements is selected based on stored attribute value data for the obtained requirements retrieved from one or more value databases. A schedule with a sequence of execution phases of the project is generated based on any non-conflicting ones of the requirements and the selected one of the one of the requirements in one of the types requirements and one of the requirements in another one of the types of requirements for each of the identified conflicts.

Abstract: The present disclosure relates to methods and systems for testing navigation graph services. Embodiments of the present disclosure may provide a directed graph based on a navigation graph service, determine a set of paths between nodes in the directed graph, and generate a testing script for an arbitrary performance testing tool based on the determined set of paths. The set of paths may comprise edge-disjoint paths between nodes in the directed graph.

Abstract: This disclosure relates generally to software performance testing, and more particularly to a system and method for steady state performance testing of a multiple output software system. According to one exemplary embodiment, a processor-implemented performance test for steady-state determination method is described. The method may include executing, via one or more hardware processors, a performance test of a web-based application, calculating, via the one or more hardware processors, a plurality of output metrics based on the performance test, determining, via the one or more hardware processors, whether each of the output metrics has achieved steady state within micro, macro, and global initial time windows, and providing an overall steadiness indication based on the determination of whether each of the output metrics has achieved steady state within the micro, macro, and global time windows.

Abstract: Embodiments of the present disclosure relate to methods and systems for hybrid testing, combining the optimization features of functional testing brought forth to security testing. One disclosed method may include receiving a list of input points associated with a software unit under test and assigning, by a processor, risk values to the input points based on one or more risk rating factors. The risk values may reflect security risk associated with the input points. The method may further include providing, to the software unit under test, input values indicative of a functional test for input points assigned values reflecting a low security risk and input values indicative of a security test for input points assigned values reflecting a high security risk. The method may further include executing a security test for the software unit under test using the input values.

Abstract: The present disclosure relates to systems, methods, and non-transitory computer-readable media for automating testing of software. The method comprises receiving, the at least one test case. The at least one test case associated with at least one test platform may be executed. Further, a variable time delay may be interjected between successive runs for the at least one test case. The variable time delay based on inertia associated with the at least one test platform. A sequence of the one or more test results for the at least one test case may be built. Based on the one or more test results, an output consistency based on the one or more test results may be determined. Finally, a fault associated with the at least one test platform or a software based on the output consistency may be determined.

Abstract: Apparatuses, methods, and non-transitory computer readable medium that evaluate a source code scanner are described. In one implementation, the method comprises obtaining source code. One or more good code snippets and one or more bad code snippets are inserted into the source code to obtain a modified source code. An issue list generated by the source code scanner upon scanning the modified source code is obtained. The issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code. The code segments present in the issue list are compared with the one or more good code snippets and the one or more bad code snippets. A plurality of metrics, indicating quality of the source code scanner, are generated based on the comparison.

Abstract: This disclosure relates to methods and systems for performing software security audit for an executable code, the method comprising: receiving, by a hardware processor, the executable code along with a plurality of life-cycle artifacts associated with the executable code; performing a security assessment on the executable code and the plurality of life-cycle artifacts associated with the executable code to identify one or more potential security issues associated with the executable code; determining a first set of questions based on the identified one or more security issues associated with the executable code; determining a second set of questions based on a requirements specification associated with the executable code; and performing a security audit session with one or more audit participants based on the first set of questions and the second set of questions.

Abstract: In one embodiment, a method of testing a software is disclosed. The method comprises: providing an input event to the software under test, wherein the software under test is associated with a time delay between an input event and an output event; identifying one or more discrete time instances based on the time delay between the input event and the output event; and testing the software under test by synthetically setting a clock to the one or more discrete time instances.

Abstract: Apparatuses, methods, and non-transitory computer readable medium that evaluate a source code scanner are described. In one implementation, the method comprises obtaining source code. One or more good code snippets and one or more bad code snippets are inserted into the source code to obtain a modified source code. An issue list generated by the source code scanner upon scanning the modified source code is obtained. The issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code. The code segments present in the issue list are compared with the one or more good code snippets and the one or more bad code snippets. A plurality of metrics, indicating quality of the source code scanner, are generated based on the comparison.

Abstract: Systems and methods for secure generation and transmission of data over a communication network are described herein. In one example, the method comprises receiving a query from the user and retrieving raw data from a data repository based on the received query. The method further comprises generating an obfuscated query and randomizing at least one of a table and a field of the raw data to produce a randomized schema. In one example, the method further comprises pre-processing the raw data based on the received query and inserting the preprocessed data into the randomized schema. Thereafter a data payload is generated by inserting the obfuscated query and the randomized schema into a data carrier, wherein the data payload is to be transferred to at least one client device for processing.

Abstract: Systems, methods, and computer-readable media for presenting and mitigating security defects in a systems development process. An example method is provided. The method comprises receiving a set of security defects, each of which may be associated with a severity level and a development stage. The method further comprises applying at least one rule to one of the received security defects to determine whether a risk associated with the at least one defects is reduced. Each rule may be associated with a weight representative of the probability that the rule correctly predicts that the risk is reduced. The method further comprises determining which of the rules applied to the at least one defect and appropriately modifying the associated severity level. The method further comprises presenting the received security defects, based on the severity level associated with each defect and the weight associated with a rule applied to each defect. Systems and computer-readable media are also provided.

Abstract: Systems and methods for secure generation and transmission of data over a communication network are described herein. In one example, the method comprises receiving a query from the user and retrieving raw data from a data repository based on the received query. The method further comprises generating an obfuscated query and randomizing at least one of a table and a field of the raw data to produce a randomized schema. In one example, the method further comprises pre-processing the raw data based on the received query and inserting the preprocessed data into the randomized schema. Thereafter a data payload is generated by inserting the obfuscated query and the randomized schema into a data carrier, wherein the data payload is to be transferred to at least one client device for processing.

Abstract: The present disclosure relates to methods and systems for testing navigation graph services. Embodiments of the present disclosure may provide a directed graph based on a navigation graph service, determine a set of paths between nodes in the directed graph, and generate a testing script for an arbitrary performance testing tool based on the determined set of paths. The set of paths may comprise edge-disjoint paths between nodes in the directed graph.