Abstract: Various embodiments comprise systems and methods to generate privacy audit reports for web applications. In some examples a computing system comprises a data extraction component, a risk assessment component, and an exposure component. The data extraction component crawls a web application and identifies data, data exposure points, and security policies implemented by the web application. The risk assessment component generates a risk score for the web application based on the amount data, the data sensitivity, the amount and type of data exposure points, and the security policies. The risk assessment component generates the privacy audit report for the web application. The privacy audit report comprises the risk score, an inventory of data types, an inventory of the data exposure points, and a graphical representation of historical risk scores. The exposure component transfers the privacy audit report for delivery to an operator of the web application.

Abstract: Techniques to facilitate adaptive sampling of security policy violations are disclosed herein. In at least one implementation, a variable sampling rate for sampling a fixed amount of security policy violation reports per unit time based on a violation rate is determined. The variable sampling rate is applied to sample the fixed amount of the security policy violation reports per unit time. When the violation rate exceeds a threshold, the variable sampling rate is switched to a fixed sampling rate for sampling a variable amount of the security policy violation reports per unit time. The fixed sampling rate is applied to sample the variable amount of the security policy violation reports per unit time.

Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: Techniques to facilitate protection of web application components are disclosed herein. In at least one implementation, a plurality of web resources associated with a web applications is received. The plurality of web resources is processed to generate individual generalized code templates for each of the web resources by removing data constants and code formatting elements from the web resources. A set of the individual generalized code templates for each of the web resources is stored in a probabilistic data structure. A security web module comprising the probabilistic data structure having the set of the individual generalized code templates for each of the web resources stored therein is deployed to protect the web application.

Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: Techniques to facilitate creation of security profiles for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. The plurality of web resources is analyzed to generate normalized fingerprints for each of the web resources. A plurality of security risk factors is determined for each of the plurality of web resources based on the normalized fingerprints generated for each of the web resources. A reputation score is generated for each of the plurality of web resources based on the security risk factors determined for each of the web resources.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.

Abstract: Methods, systems, and computer-readable media are disclosed for packet sanitization. A particular method intercepts a packet of a packet stream, where the packet stream is transmitted in accordance with a particular protocol. The packet is analyzed based on a specification associated with the particular protocol. Based on the analysis, a data value of a field of the packet is replaced with a sanitized data value to create a sanitized packet. The sanitized packet may be injected into the packet stream or may optionally be forwarded to a signature module that checks the sanitized packet for malicious content. When malicious content is found, the sanitized packet may be dropped, the sanitized packet may be logged, the sanitized packet may be redirected, or a notification regarding the sanitized packet may be sent to an administrator.

Abstract: Methods, systems, and computer-readable media are disclosed for packet sanitization. A particular method intercepts a packet of a packet stream, where the packet stream is transmitted in accordance with a particular protocol. The packet is analyzed based on a specification associated with the particular protocol. Based on the analysis, a data value of a field of the packet is replaced with a sanitized data value to create a sanitized packet. The sanitized packet may be injected into the packet stream or may optionally be forwarded to a signature module that checks the sanitized packet for malicious content. When malicious content is found, the sanitized packet may be dropped, the sanitized packet may be logged, the sanitized packet may be redirected, or a notification regarding the sanitized packet may be sent to an administrator.