公开(公告)号：US11010385B2

公开(公告)日：2021-05-18

申请号：US16598473

申请日：2019-10-10

Applicant: SAP SE

Inventor： Cedric Hebert ,  Manuel Karl

IPC: G06F16/242 ,  G06F16/2453 ,  G06F16/248 ,  G06F21/62 ,  G06F40/221

Abstract: Systems, methods, and computer media for securing data accessible through software applications are provided herein. By capturing path data such as returned results for a query and displayed results provided by an application (e.g., to or by a web browser) for an operation, it can be determined if the query returned more data than was needed for what was displayed. The query can be refined to limit the data returned and reduce the security risk of such over-provisioning of data.

公开(公告)号：US20210109931A1

公开(公告)日：2021-04-15

申请号：US16598473

申请日：2019-10-10

Applicant: SAP SE

Inventor： Cedric Hebert ,  Manuel Karl

IPC: G06F16/2453 ,  G06F16/242 ,  G06F16/248 ,  G06F17/27 ,  G06F21/62

Abstract: Systems, methods, and computer media for securing data accessible through software applications are provided herein. By capturing path data such as returned results for a query and displayed results provided by an application (e.g., to or by a web browser) for an operation, it can be determined if the query returned more data than was needed for what was displayed. The query can be refined to limit the data returned and reduce the security risk of such over-provisioning of data.

公开(公告)号：US20210067552A1

公开(公告)日：2021-03-04

申请号：US16552959

申请日：2019-08-27

Applicant: SAP SE

Inventor： Cedric Hebert ,  Manuel Karl

IPC: H04L29/06

Abstract: Systems, methods, and computer media for securing software applications are provided herein. By recording path data representing interactions between an application and other components, it can be determined what data an attacker has received by the time malicious activity is detected. During a session with an application, queries made to a dataset by the application can be recorded. After the session is found to be malicious, the session is transferred to a cloned application session in which access to the dataset is blocked. Based on the recorded queries, an alternative dataset for queries made in the cloned application session is generated that includes a subset of the original dataset, thus limiting future queries of the attacker in the cloned application session to data already received before the malicious activity was detected.

公开(公告)号：US11546378B2

公开(公告)日：2023-01-03

申请号：US16552959

申请日：2019-08-27

Applicant: SAP SE

Inventor： Cedric Hebert ,  Manuel Karl

IPC: H04L29/06 ,  H04L9/40

Abstract: Systems, methods, and computer media for securing software applications are provided herein. By recording path data representing interactions between an application and other components, it can be determined what data an attacker has received by the time malicious activity is detected. During a session with an application, queries made to a dataset by the application can be recorded. After the session is found to be malicious, the session is transferred to a cloned application session in which access to the dataset is blocked. Based on the recorded queries, an alternative dataset for queries made in the cloned application session is generated that includes a subset of the original dataset, thus limiting future queries of the attacker in the cloned application session to data already received before the malicious activity was detected.