-
Publication No.: US20230177166A1
Publication Date: 2023-06-08
Application No.: US17542939
Filing Date: 2021-12-06
Applicant: SAP SE
Inventor: Souphiane Bensalim , Thomas Barber , David Klein , Martin Johns
IPC: G06F21/57
CPC classification number: G06F21/577 , G06F2221/033
Abstract: Embodiments relate to improving accuracy of security vulnerability detection by determining a context of a data flow from a target, generating an exploit, and injecting the exploit based upon the context to create a vulnerable Uniform Resource Locator (URL). The context may comprise a HTML context, a URL context, a JavaScript context, or a JSON context. Communication of the vulnerable URL to a testing platform results in validation of the presence of a security vulnerability. Embodiments may find particular value in detecting vulnerability to a client-side XSS attack, by generating a vulnerable URL containing an exploit that is injected based upon a collected taint flow. Where the target is a website, embodiments improve accuracy of client-side XSS validation exploits by identifying which characters of a URL enter a specific context (e.g., HTML or JavaScript), and replacing these characters with a payload designed to trigger code execution for validation.
-
Publication No.: US10834102B2
Publication Date: 2020-11-10
Application No.: US15862830
Filing Date: 2018-01-05
Applicant: SAP SE
Inventor: Martin Johns , Martin Haerterich , Christoph Haefner
Abstract: A client comprising a web browser is provided. The client is configured to: run an application in the web browser, the application comprising a sensor including sensor JavaScript code, wherein running the application comprises executing the sensor JavaScript code as the first JavaScript code in the web browser to activate the sensor; and wherein the sensor is configured to: gather data with respect to the application at runtime; and check predetermined application-specific rules against the gathered data for detecting client-side attacks at runtime.
-
Publication No.: US10061925B2
Publication Date: 2018-08-28
Application No.: US15187703
Filing Date: 2016-06-20
Applicant: SAP SE
Inventor: Martin Haerterich , Martin Johns
CPC classification number: G06F21/552 , G06F2221/034 , G06F2221/2101
Abstract: A number of events are counted in different layers of a computing environment during execution of a software application. The number of counted events can be compared to a previously generated cluster set to determine that at least one of the counted events is an outlier. Data can then be provided that characterizes the at least one of the counted events determined to be an outlier. In some cases, some or all of the functionality of the software application can be selectively disabled. Related apparatus, systems, techniques and articles are also described.
-
Publication No.: US20180239898A1
Publication Date: 2018-08-23
Application No.: US15435961
Filing Date: 2017-02-17
Applicant: SAP SE
Inventor: Martin Haerterich , Martin Johns
IPC: G06F21/56
CPC classification number: G06F21/563 , G06F8/71 , G06F21/562 , G06F21/577 , G06F2221/033
Abstract: Various examples are directed to detecting anomalous modifications to a software component. For example, a computing device may receive, from a version control system, version metadata describing properties of a plurality of commits for the software component. The computing device may generate a plurality of commit clusters based, at least in part, on the properties of the plurality of commits. The computing device may determine a first anomalous commit of the plurality of commits and generate an alert message indicating a first code segment modified by the first commit.
-
Publication No.: US20180198807A1
Publication Date: 2018-07-12
Application No.: US15862830
Filing Date: 2018-01-05
Applicant: SAP SE
Inventor: Martin Johns , Martin Haerterich , Christoph Haefner
CPC classification number: H04L63/1416 , G06F21/54 , G06F21/577 , G06N20/00 , H04L63/1425 , H04L63/1433
Abstract: A client comprising a web browser is provided. The client is configured to: run an application in the web browser, the application comprising a sensor including sensor JavaScript code, wherein running the application comprises executing the sensor JavaScript code as the first JavaScript code in the web browser to activate the sensor; and wherein the sensor is configured to: gather data with respect to the application at runtime; and check predetermined application-specific rules against the gathered data for detecting client-side attacks at runtime.
-
Publication No.: US20230252159A1
Publication Date: 2023-08-10
Application No.: US17665319
Filing Date: 2022-02-04
Applicant: SAP SE
Inventor: Thomas Barber , David Klein , Martin Johns
IPC: G06F21/57
CPC classification number: G06F21/577 , G06F2221/034
Abstract: Code injection is a type of security vulnerability in which an attacker injects client-side scripts modifying the content being delivered. A sanitizer function may provide defense against such attacks by removing certain characters (e.g., characters causing state transitions in HTML). A string sanitizer may be modeled in order to determine its effectiveness by obtaining data flow information indicating string operations that used an input string or information derived therefrom, including a string sanitizer function. A deterministic finite automaton representing string values of the output parameter may be generated based on a graph generated from the data flow information, where the automaton accepts possible output string values of the sanitizer. It can be determined whether there is a non-empty intersection between the automaton for the sanitizer output and an automaton representing a security exploit, which would indicate that the sanitizer function is vulnerable to the exploit.
-
Publication No.: US11537760B2
Publication Date: 2022-12-27
Application No.: US17031448
Filing Date: 2020-09-24
Applicant: SAP SE
Inventor: Martin Johns
IPC: G06F21/84 , H04L9/40 , G06F21/60 , G06F16/958 , G06F21/83
Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web application may execute in a web browser at a client computing device. The web browser may generate a document comprising a secure display element. The web browser may request to render the document at the client computing device. A cryptographic tool of the web browser may decrypt the first encrypted value to generate a first clear value. The web browser may render the document at an output device of the client computing device using the clear value. The web browser may also be programmed to prevent the web application from accessing the first clear value.
-
Publication No.: US10972481B2
Publication Date: 2021-04-06
Application No.: US16002372
Filing Date: 2018-06-07
Applicant: SAP SE
Inventor: Martin Johns
Abstract: Various examples are directed to systems and methods for secure communication sessions between a web application and a server. A session identifier routine executing at a computing device may receive a first request message comprising a session identifier field, the session identifier field comprising a client session identifier describing a communication session between the web application executing at the computing device and the server computing device. The session identifier routine may transform the client session identifier to a server session identifier using session identifier transformation data accessed from session vault persistence at the computing device. The session identifier routine may write the server session identifier to the session identifier field of the first request message and initiate sending the request message including the server session identifier to the server computing device.
-
Publication No.: US10560539B1
Publication Date: 2020-02-11
Application No.: US16136628
Filing Date: 2018-09-20
Applicant: SAP SE
Inventor: Florian Loch , Martin Johns
Abstract: In an example embodiment, a proxy server receives a request from a web browser operated on a client device, the request including a call for computer code written in a scripting language. The request is forwarded to a web server to obtain the computer code written in the scripting language. The computer code written in the scripting language is automatically instrumented by adding instrumentation code to the computer code written in the scripting language, the instrumentation code configured to, when executed, measure one or more metrics and report the resultant measurements. Then the instrumented computer code written in the scripting language is sent to the web browser for execution.
-
Publication No.: US20190205532A1
Publication Date: 2019-07-04
Application No.: US15862347
Filing Date: 2018-01-04
Applicant: SAP SE
Inventor: Florian Loch , Martin Johns
Abstract: Systems and methods are provided herein for dynamic, non-invasive taint tracking using auto-generated datatypes. A proxy entry point component of a taint-aware environment continuously monitors for a request to initiate an application. The application has an associated runtime environment and profile parameters specific to the application. Upon identifying the request, a core component of the taint-aware environment generates a set of augmented classes based on the profile parameters. The set of augmented classes contains taint-tracking functionality. The proxy entry point component modifies an initiation pathway of the application to force the runtime environment to retrieve the set of augmented classes prior to execution of the application. The runtime environment continuously monitors for tainted data or tainted code passed through or contained within the application based on the taint-tracking functionality of the set of augmented classes.