-
Publication number: US20250045413A1
Publication date: 2025-02-06
Application number: US18230577
Application date: 2023-08-04
Applicant: SAP SE
Inventor: Merve Sahin , Marco Rosa
Abstract: Contribution requests to a code repository are analyzed with a machine learning model before publishing. The machine learning model can be trained with past metadata of the contributor. Metadata can be extracted from the requests to determine whether the request is atypical for the contributor via a risk score. Requests determined to be atypical can be flagged for action by a security manager. Realtime assessment of code contributions can increase overall software security in a software development context.
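One way to turn the abstract's idea into a concrete check, as an added example that is not SAP's model or code: a contributor profile is learned from the metadata of past requests, each new request is scored by how far its features sit from that baseline (per-feature z-scores, clipped and averaged into a 0..1 risk score), and requests above a threshold are flagged for a security manager. The feature set, threshold, class names and the sample history are all constructed for illustration.

```python
"""Atypicality risk score for a contributor's pull request metadata.

Added illustrative example, not SAP's model: it scores a request by how far
each metadata feature sits from the contributor's own history (per-feature
z-scores, clipped and averaged). All names and sample data are constructed.
"""
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class RequestMeta:
    hour_utc: int          # hour of day the request was opened
    files_changed: int
    lines_added: int
    dirs: frozenset        # top-level directories touched


NUMERIC = ("hour_utc", "files_changed", "lines_added")
CLIP = 4.0                 # beyond 4 sigma a feature counts as fully atypical
THRESHOLD = 0.5            # flag for a security manager above this score


class ContributorProfile:
    """Per-contributor baseline learned from past (already published) requests."""

    def __init__(self, history):
        if len(history) < 2:
            raise ValueError("need at least two past requests to build a profile")
        self.known_dirs = frozenset().union(*(h.dirs for h in history))
        self.stats = {}
        for name in NUMERIC:
            values = [getattr(h, name) for h in history]
            mean = statistics.fmean(values)
            sd = statistics.pstdev(values) or 1.0   # constant feature: avoid division by zero
            self.stats[name] = (mean, sd)

    def deviations(self, req):
        """Absolute z-score per numeric feature, plus a 'never touched this
        directory before' feature scaled onto the same 0..CLIP range."""
        z = {name: abs(getattr(req, name) - mean) / sd
             for name, (mean, sd) in self.stats.items()}
        unseen = len(req.dirs - self.known_dirs)
        z["unseen_dirs"] = CLIP * unseen / max(len(req.dirs), 1)
        return z

    def risk_score(self, req):
        """Mean clipped deviation, normalised to [0, 1]."""
        z = self.deviations(req)
        return sum(min(v, CLIP) for v in z.values()) / (CLIP * len(z))


def assess(profile, req):
    score = profile.risk_score(req)
    return {"score": round(score, 3), "flag": score >= THRESHOLD}


# Constructed history for one contributor: daytime, small, within src/ and tests/.
HISTORY = [
    RequestMeta(h, f, l, frozenset({"src", "tests"}))
    for h, f, l in zip(
        [9, 10, 11, 9, 10, 11, 10, 9, 10, 11],
        [2, 3, 4, 5, 3, 4, 2, 3, 4, 3],
        [20, 40, 60, 80, 30, 50, 25, 45, 55, 35],
    )
]
PROFILE = ContributorProfile(HISTORY)

TYPICAL = RequestMeta(10, 3, 40, frozenset({"src"}))
# 3 a.m., 40 files, 900 lines, only build/CI directories: the shape of a
# compromised account or a tampered pipeline, not of this contributor.
ATYPICAL = RequestMeta(3, 40, 900, frozenset({"build", ".github"}))

if __name__ == "__main__":
    print(assess(PROFILE, TYPICAL))
    print(assess(PROFILE, ATYPICAL))
```

The hour feature is treated as a plain number here, so a contributor who works across midnight would need a circular encoding; the point of the example is the structure (baseline per contributor, score per request, flag above threshold), not the feature engineering.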
-
Publication number: US11729213B2
Publication date: 2023-08-15
Application number: US17062903
Application date: 2020-10-05
Applicant: SAP SE
Inventor: Cedric Hebert , Merve Sahin , Anderson Santana de Oliveira , Rocio Cabrera Lozoya , Aicha Mhedhbi
IPC: H04L9/40 , G06F9/54 , H04L67/133
CPC classification number: H04L63/1491 , G06F9/547 , H04L63/1416 , H04L67/133
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.
-
Publication number: US11483346B2
Publication date: 2022-10-25
Application number: US16884521
Application date: 2020-05-27
Applicant: SAP SE
Inventor: Anderson Santana De Oliveira , Cedric Hebert , Merve Sahin
Abstract: Disclosed herein are method, system, and computer-readable storage medium embodiments for reinforcement learning applied to application responses using deception technology. An embodiment includes configuring at least one computer processor to perform operations that include detecting an unauthorized access attempt associated with an attacker, and recording an input log that includes inputs received from the attacker. An embodiment may further include operations of generating a state representation corresponding to an execution state of at least one software application, computing one or more predicted inputs, based at least in part on the input log and the state representation, and modifying, via at least one software agent, the execution state of at least the software application, based at least in part on the one or more predicted inputs. Types of attacks (unauthorized access attempts) may include cross-site scripting, cross-site request forgery, SQL injection, code injection, brute-force attack, buffer-overflow attack, or a combination thereof.
-
Publication number: US20210377307A1
Publication date: 2021-12-02
Application number: US16884521
Application date: 2020-05-27
Applicant: SAP SE
Inventor: Anderson Santana De Oliveira , Cedric Hebert , Merve Sahin
Abstract: Disclosed herein are method, system, and computer-readable storage medium embodiments for reinforcement learning applied to application responses using deception technology. An embodiment includes configuring at least one computer processor to perform operations that include detecting an unauthorized access attempt associated with an attacker, and recording an input log that includes inputs received from the attacker. An embodiment may further include operations of generating a state representation corresponding to an execution state of at least one software application, computing one or more predicted inputs, based at least in part on the input log and the state representation, and modifying, via at least one software agent, the execution state of at least the software application, based at least in part on the one or more predicted inputs. Types of attacks (unauthorized access attempts) may include cross-site scripting, cross-site request forgery, SQL injection, code injection, brute-force attack, buffer-overflow attack, or a combination thereof.
-
Publication number: US20210157917A1
Publication date: 2021-05-27
Application number: US16696594
Application date: 2019-11-26
Applicant: SAP SE
Inventor: Cedric Hebert , Merve Sahin , Anderson Santana de Oliveira
Abstract: Systems, methods, and computer media for collaboratively securing software applications are provided herein. Through a collaborative approach, the described examples allow detection and management of unauthorized users across applications and application suites. By communicating details regarding cyber-attacks among applications, threats to applications can be managed pre-emptively. For example, applications can use attacks on other applications to implement new honeytokens, threat detection points, and blacklisted usernames or other identifiers to limit data access in future attacks.
-
Publication number: US12003539B2
Publication date: 2024-06-04
Application number: US17405267
Application date: 2021-08-18
Applicant: SAP SE
Inventor: Cedric R. J. Hebert , Merve Sahin
CPC classification number: H04L63/1491 , G06F9/547
Abstract: In an example embodiment, rather than merely identifying and patching vulnerabilities, a defender in a computer system is able to utilize deception to set traps for attackers who might attack an application. In this manner, rather than the attacker simply merely needing one entry point to succeed, the attacker would then need to avoid all traps, and the defender only needs one trap to be alerted of the attacker. More particularly, in an example embodiment, traps are set in a way that fools attackers, by blending deceptive but believable network traffic into real traffic to and from the application.
-
Publication number: US20230125567A1
Publication date: 2023-04-27
Application number: US17508513
Application date: 2021-10-22
Applicant: SAP SE
Inventor: Cedric Hebert , Merve Sahin , Anderson Santana De Oliveira
Abstract: Systems, methods, and computer media for securing software applications against unauthorized access through global lockout and capture are provided herein. For each request to access an application (whether pre- or post-authentication), a passive fingerprint, an active fingerprint, and a cookie are generated. The passive fingerprint represents characteristics of the requester's computing device that are provided with the request, such as source IP address, user agent, etc. The active fingerprint includes the information in the passive fingerprint as well as information that the computing device provides upon request, such as language or display information for the device. The passive fingerprint, active fingerprint, and cookie for a request are then associated together and stored. Access to the application can be managed based on the stored fingerprints and cookies.
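The linking described in this abstract, as an added example that is not SAP's implementation: a passive fingerprint is derived only from what arrives with the request (source IP, User-Agent), the active fingerprint adds what the device reports when asked (language, display size), and every request links its cookie with both prints. Locking any one identifier then floods across everything ever associated with it, so an attacker who clears the cookie is still caught by the device prints, and one who changes IP but keeps a cookie is caught by the cookie. Header names, the chosen fields and the request sequence are constructed; the cookie value is a random token.

```python
"""Global lockout via linked passive fingerprint, active fingerprint and cookie.

Added illustrative example, not SAP's implementation. Header names, field
choices and the sample requests are constructed.
"""
import hashlib
import secrets


def _digest(*parts):
    return hashlib.sha256("|".join(parts).encode()).hexdigest()[:16]


def passive_fingerprint(headers):
    """Only request-supplied characteristics: no client cooperation needed."""
    return _digest(headers.get("src_ip", ""), headers.get("user-agent", ""))


def active_fingerprint(headers, client_info):
    """Passive print plus what the device reports on request (language, display)."""
    return _digest(passive_fingerprint(headers),
                   client_info.get("language", ""), client_info.get("screen", ""))


class LockoutStore:
    def __init__(self):
        self.links = {}      # identifier -> identifiers seen in the same request
        self.locked = set()

    def observe(self, cookie, passive, active):
        """Associate the three identifiers of one request; report if any is locked."""
        ids = {("cookie", cookie), ("passive", passive), ("active", active)}
        for i in ids:
            self.links.setdefault(i, set()).update(ids - {i})
        if any(i in self.locked for i in ids):
            for i in ids:            # a locked device showed new identifiers: lock those too
                self.lock(i)
            return True
        return False

    def lock(self, ident):
        """Flood-fill the lock across everything ever linked to ident."""
        stack = [ident]
        while stack:
            i = stack.pop()
            if i in self.locked:
                continue
            self.locked.add(i)
            stack.extend(self.links.get(i, ()))


class Guard:
    def __init__(self):
        self.store = LockoutStore()

    def handle(self, headers, client_info, cookie=None):
        """Returns (decision, cookie); the caller sets the cookie on the response."""
        cookie = cookie or secrets.token_hex(16)
        locked = self.store.observe(cookie, passive_fingerprint(headers),
                                    active_fingerprint(headers, client_info))
        return ("deny" if locked else "allow"), cookie


def scenario():
    """Constructed sequence: one device is locked after its first request, then
    clears its cookie, then changes IP (keeping the new cookie), then clears
    the cookie again; finally an unrelated user arrives."""
    g = Guard()
    dev = {"src_ip": "203.0.113.9", "user-agent": "Mozilla/5.0 (X11)"}
    info = {"language": "en-US", "screen": "1920x1080"}
    d1, c1 = g.handle(dev, info)                  # first contact: allowed
    g.store.lock(("cookie", c1))                  # malicious action detected elsewhere
    d2, c2 = g.handle(dev, info)                  # cookie cleared, same device prints
    moved = dict(dev, src_ip="198.51.100.20")
    d3, _ = g.handle(moved, info, cookie=c2)      # new IP, but still carries c2
    d4, _ = g.handle(moved, info)                 # new IP and cookie cleared: prints now known
    other = {"src_ip": "192.0.2.4", "user-agent": "Mozilla/5.0 (Macintosh)"}
    d5, _ = g.handle(other, info)                 # unrelated user
    return [d1, d2, d3, d4, d5]


if __name__ == "__main__":
    print(scenario())
```

Because the active print includes the passive one, a change of IP changes both; the lock survives that only through the cookie link, which is why the store records all three per request rather than relying on any single identifier.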
-
Publication number: US11429716B2
Publication date: 2022-08-30
Application number: US16696594
Application date: 2019-11-26
Applicant: SAP SE
Inventor: Cedric Hebert , Merve Sahin , Anderson Santana de Oliveira
Abstract: Systems, methods, and computer media for collaboratively securing software applications are provided herein. Through a collaborative approach, the described examples allow detection and management of unauthorized users across applications and application suites. By communicating details regarding cyber-attacks among applications, threats to applications can be managed pre-emptively. For example, applications can use attacks on other applications to implement new honeytokens, threat detection points, and blacklisted usernames or other identifiers to limit data access in future attacks.
-
Publication number: US20220109692A1
Publication date: 2022-04-07
Application number: US17062903
Application date: 2020-10-05
Applicant: SAP SE
Inventor: Cedric Hebert , Merve Sahin , Anderson Santana de Oliveira , Rocio Cabrera Lozoya , Aicha Mhedhbi
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.
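The deceptive-endpoint scheme described in this abstract and in the granted patent US11729213B2 above, as an added example that is not SAP's implementation: decoy paths are derived mechanically from the real route table (an "older" API version, a privileged-looking `/admin` variant, a `_backup` variant), a decoy can never coincide with a real route, any hit on a decoy raises an alert and blocks the caller, and the decoy answers with the same 404 as an ordinary miss so the caller learns nothing. Route names, the mutation rules and the sample request log are constructed.

```python
"""Deceptive API endpoints derived from an application's real routes.

Added illustrative example, not SAP's implementation. Route names, mutation
rules and the sample request log are constructed.
"""
import re

VALID_ROUTES = {"/api/v2/users", "/api/v2/orders", "/api/v2/orders/export"}

VERSIONED = re.compile(r"^(/api/v)(\d+)(/.*)$")


def generate_decoys(routes):
    """Paths that look plausible to someone enumerating the API but are
    never linked from the real application."""
    decoys = set()
    for path in routes:
        m = VERSIONED.match(path)
        if m and int(m.group(2)) > 1:
            decoys.add(f"{m.group(1)}{int(m.group(2)) - 1}{m.group(3)}")  # "old" API version
        decoys.add(path + "/admin")      # privileged-looking variant
        decoys.add(path + "_backup")     # leftover-backup variant
    return decoys - set(routes)          # a decoy must never shadow a real route


class Gateway:
    def __init__(self, routes):
        self.routes = set(routes)
        self.decoys = generate_decoys(self.routes)
        self.blocked = set()
        self.alerts = []

    def handle(self, client, path):
        """Returns the HTTP status the client sees. Blocked clients are
        refused everywhere, not only on the decoy they touched."""
        if client in self.blocked:
            return 403
        if path in self.decoys:
            self.alerts.append({"client": client, "path": path})
            self.blocked.add(client)
            return 404                    # indistinguishable from a plain miss
        return 200 if path in self.routes else 404


def replay(gateway, log):
    return [gateway.handle(client, path) for client, path in log]


# Constructed request log: one normal user, one client probing old API versions.
SAMPLE_LOG = [
    ("10.0.0.5", "/api/v2/users"),
    ("10.0.0.5", "/api/v2/orders"),
    ("198.51.100.7", "/api/v2/users"),
    ("198.51.100.7", "/api/v1/users"),      # decoy hit: alert and block
    ("198.51.100.7", "/api/v2/orders"),     # now blocked, even on a real route
    ("10.0.0.5", "/api/v2/nothing"),        # ordinary miss, no alert
]

if __name__ == "__main__":
    gw = Gateway(VALID_ROUTES)
    print(replay(gw, SAMPLE_LOG), gw.alerts)
```

In a real deployment the block decision would key on the account or device identity rather than a bare source address, and the decoy list must be regenerated whenever the route table changes so a newly added real route is not still registered as a decoy.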
-
Publication number: US11212281B2
Publication date: 2021-12-28
Application number: US16549087
Application date: 2019-08-23
Applicant: SAP SE
Inventor: Cedric Hebert , Anderson Santana De Oliveira , Merve Sahin
IPC: H04L29/06
Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting cyber-attack. In an embodiment, a server receives a request to an application from a user device. The server determines that there is no cookie in the received request. The server then generates a new fingerprinting cookie and sends a verification request to the user device to verify the identity of a user. When the server receives the verification reply from the user device, the server determines that the verification reply is valid, marks the new cookie as a verified cookie, and transfers the request to the application for processing. The server can also unverify the verified cookie when the verified cookie is included in a malicious request. The server can determine that a request is malicious by analyzing functions the user wishes to perform using the request.
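The cookie life cycle in this abstract as a small state machine, added here as an example and not SAP's implementation: a request with no cookie (or one the server never issued) gets a fresh, unverified cookie and a verification challenge; once the device answers the challenge correctly the cookie is marked verified and requests carrying it are forwarded to the application; a verified cookie presented with a request the server judges malicious is unverified again and must be re-verified. The "malicious" judgement here is a constructed deny-list of functions a normal user never calls, and the challenge (an HMAC over a per-cookie nonce that the device must echo) stands in for whatever identity check a deployment uses.

```python
"""Fingerprinting-cookie verification in front of an application.

Added illustrative example, not SAP's implementation. The malicious-function
list and the challenge mechanism are constructed stand-ins.
"""
import hashlib
import hmac
import secrets

# Constructed: functions a normal user of this application never invokes.
MALICIOUS_FUNCTIONS = {"admin.dump_users", "debug.eval"}


class CookieGuard:
    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)
        self.cookies = {}                # token -> {"verified": bool, "nonce": str}

    def _issue(self):
        token = secrets.token_hex(16)
        self.cookies[token] = {"verified": False, "nonce": secrets.token_hex(8)}
        return token

    def expected_answer(self, nonce):
        """What a genuine device must return for this nonce (stand-in challenge)."""
        return hmac.new(self.key, nonce.encode(), hashlib.sha256).hexdigest()

    def handle(self, cookie, function):
        """Returns (action, cookie). action is 'challenge' (ask the device to
        verify), 'forward' (hand the request to the application) or 'reject'."""
        if cookie not in self.cookies:          # no cookie, or one we never issued
            return "challenge", self._issue()
        state = self.cookies[cookie]
        if not state["verified"]:
            return "challenge", cookie
        if function in MALICIOUS_FUNCTIONS:     # judge the function the user wants to perform
            state["verified"] = False           # unverify: the cookie must prove itself again
            state["nonce"] = secrets.token_hex(8)
            return "reject", cookie
        return "forward", cookie

    def verify(self, cookie, answer):
        """Verification reply from the device; marks the cookie verified if valid."""
        state = self.cookies.get(cookie)
        if state is None:
            return False
        ok = hmac.compare_digest(answer, self.expected_answer(state["nonce"]))
        state["verified"] = ok
        return ok


def scenario():
    """Constructed walk-through; the 'device' answers with expected_answer,
    standing in for a real verification round-trip."""
    g = CookieGuard()
    steps = []
    action, cookie = g.handle(None, "orders.list")
    steps.append(action)                                             # challenge, cookie issued
    steps.append(g.verify(cookie, "wrong"))                          # bad reply: still unverified
    steps.append(g.verify(cookie, g.expected_answer(g.cookies[cookie]["nonce"])))
    action, _ = g.handle(cookie, "orders.list")
    steps.append(action)                                             # forward
    action, _ = g.handle(cookie, "admin.dump_users")
    steps.append(action)                                             # reject and unverify
    action, _ = g.handle(cookie, "orders.list")
    steps.append(action)                                             # challenge again
    return steps


if __name__ == "__main__":
    print(scenario())
```

The nonce is rotated on unverification so a reply captured during the first verification cannot be replayed to re-verify the same cookie.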
-