公开(公告)号：US10650148B2

公开(公告)日：2020-05-12

申请号：US15500521

申请日：2014-09-04

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Sasi Muthurajan ,  Matias Madou ,  Ronald J. Sechman ,  Jeremy Brooks

IPC: G06F21/00 ,  G06F21/57 ,  H04L29/06 ,  H04L29/08 ,  G06F21/52 ,  G06F11/36

Abstract: Example embodiments disclosed herein relate to determining whether a protective measure meeting criteria has been performed on data. Execution of an application under test (AUT) is monitored. A message that a field of the AUT should be considered sensitive is received. Data is determined to be entered into the field. The data is monitored during execution of the AUT to determine whether the protective measure that meets the criteria has been performed on the data.

公开(公告)号：US10242199B2

公开(公告)日：2019-03-26

申请号：US15031454

申请日：2014-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Sasi Siddharth Muthurajan ,  Matias Madou ,  Prajakta Jagdale ,  Jeremy Brooks

IPC: G06F21/57 ,  H04L29/06

Abstract: Example embodiments disclosed herein relate to a security test. A crawl of an application under test (AUT) is performed to determine an attack surface using crawl sessions. One or more parameters of the attack surface are probed during the respective crawl sessions. A trace is requested from an observer for the probe of the one or more parameters. Attack suggestions are received from the observer based on the trace of the one or more parameters.

公开(公告)号：US20170187743A1

公开(公告)日：2017-06-29

申请号：US15312645

申请日：2014-05-20

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Matias Madou ,  Ronald J. SECHMAN ,  Sam NG MING SUM

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/566 ,  G06F21/577 ,  G06F2221/033 ,  H04L63/1441

Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.

公开(公告)号：US20170220798A1

公开(公告)日：2017-08-03

申请号：US15500528

申请日：2014-12-16

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Matias Madou ,  Benjamin Seth HEILERS

IPC: G06F21/55 ,  G06F21/62

CPC classification number: G06F21/552 ,  G06F21/53 ,  G06F21/554 ,  G06F21/6227 ,  G06F2221/034

Abstract: Example embodiments disclosed herein relate to determining permissible activity in an application. Application programming interfaces (APIs) of an application are monitored using a runtime agent. Information about the APIs is provided to a rules engine. A set of rules describing permissible activity is received from the rules engine.

公开(公告)号：US20160267277A1

公开(公告)日：2016-09-15

申请号：US15031454

申请日：2014-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Sasi Siddharth Muthurajan ,  Matias Madou ,  Prajakta Jagdale ,  Jeremy Brooks

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/033

Abstract: Example embodiments disclosed herein relate to a security test. A crawl of an application under test (AUT) is performed to determine an attack surface using crawl sessions. One or more parameters of the attack surface are probed during the respective crawl sessions. A trace is requested from an observer for the probe of the one or more parameters. Attack suggestions are received from the observer based on the trace of the one or more parameters.

Abstract translation: 本文公开的示例实施例涉及安全测试。 执行被测试应用程序（AUT）的爬取，以使用爬网会话确定攻击面。 攻击表面的一个或多个参数在相应的爬网会话期间被探测。 从观察者请求跟踪以探测一个或多个参数。 基于一个或多个参数的跟踪，从观察者接收到攻击建议。

公开(公告)号：US11057395B2

公开(公告)日：2021-07-06

申请号：US15128501

申请日：2014-03-24

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ming Sum Sam Ng ,  Ronald Joseph Sechman ,  Matias Madou

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/31 ,  G06F21/41 ,  G06F21/10 ,  H04L29/08 ,  H04L12/26 ,  H04L29/12

Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.

公开(公告)号：US10423793B2

公开(公告)日：2019-09-24

申请号：US15317206

申请日：2014-06-19

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Matias Madou ,  Ronald J. Sechman ,  Sam Ng Ming Sum

IPC: G06F21/57 ,  G06F11/36

Abstract: Example embodiments disclosed herein relate to an approach for installing a runtime agent during a security test. A security test is initiated or performed on an application under test executing on a server. An application vulnerability associated with the application under test is determined. The application vulnerability is exploited to install the runtime agent on the server. The security test is continued using the runtime agent to receive additional information about the application under test.

公开(公告)号：US10318728B2

公开(公告)日：2019-06-11

申请号：US15500528

申请日：2014-12-16

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Matias Madou ,  Benjamin Seth Heilers

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/62 ,  G06F21/53

Abstract: Example embodiments disclosed herein relate to determining permissible activity in an application. Application programming interfaces (APIs) of an application are monitored using a runtime agent. Information about the APIs is provided to a rules engine. A set of rules describing permissible activity is received from the rules engine.