Application security through multi-factor fingerprinting

    Publication No.: US11539742B2

    Publication date: 2022-12-27

    Application No.: US16696588

    Filing date: 2019-11-26

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. The multi-factor fingerprints allow attackers to be distinguished from authorized users and allow different types of attacks to be distinguished. The multi-factor fingerprint can include, for example, a session identifier component, a software information component, and a hardware information component. The different components can be separately compared to components of stored fingerprints to determine whether an application session request is malicious, and if so, what type of attack, such as session cookie theft or a spoofing attack, is occurring.

    Identifier-based application security

    Publication No.: US11425166B2

    Publication date: 2022-08-23

    Application No.: US16552951

    Filing date: 2019-08-27

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.

    APPLICATION SECURITY THROUGH DECEPTIVE AUTHENTICATION

    Publication No.: US20220103545A1

    Publication date: 2022-03-31

    Application No.: US17034487

    Filing date: 2020-09-28

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.

    SMART EXPOSURE OF DATA TO KNOWN ATTACKER SESSIONS

    Publication No.: US20210067552A1

    Publication date: 2021-03-04

    Application No.: US16552959

    Filing date: 2019-08-27

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. By recording path data representing interactions between an application and other components, it can be determined what data an attacker has received by the time malicious activity is detected. During a session with an application, queries made to a dataset by the application can be recorded. After the session is found to be malicious, the session is transferred to a cloned application session in which access to the dataset is blocked. Based on the recorded queries, an alternative dataset for queries made in the cloned application session is generated that includes a subset of the original dataset, thus limiting future queries of the attacker in the cloned application session to data already received before the malicious activity was detected.

    Attack pattern framework for monitoring enterprise information systems

    Publication No.: US10140447B2

    Publication date: 2018-11-27

    Application No.: US14966885

    Filing date: 2015-12-11

    Applicant: SAP SE

    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.

    Penetration test attack tree generator

    Publication No.: US09894090B2

    Publication date: 2018-02-13

    Application No.: US14799176

    Filing date: 2015-07-14

    Applicant: SAP SE

    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test, receiving tool data from a register of tools, the tool data including one or more tools that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool, processing the goal data, the start-up information and the tool data to automatically generate attack tree data, the attack tree data including a plurality of data sets and links between data sets, and providing the attack tree data to display a graphical representation of an attack tree on a display.

    PENETRATION TEST ATTACK TREE GENERATOR
    Invention application, in force

    Publication No.: US20170019421A1

    Publication date: 2017-01-19

    Application No.: US14799176

    Filing date: 2015-07-14

    Applicant: SAP SE

    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test, receiving tool data from a register of tools, the tool data including one or more tools that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool, processing the goal data, the start-up information and the tool data to automatically generate attack tree data, the attack tree data including a plurality of data sets and links between data sets, and providing the attack tree data to display a graphical representation of an attack tree on a display.


    APPLICATION SECURITY THROUGH GLOBAL LOCKOUT AND CAPTURE

    Publication No.: US20230125567A1

    Publication date: 2023-04-27

    Application No.: US17508513

    Filing date: 2021-10-22

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications against unauthorized access through global lockout and capture are provided herein. For each request to access an application (whether pre- or post-authentication), a passive fingerprint, an active fingerprint, and a cookie are generated. The passive fingerprint represents characteristics of the requester's computing device that are provided with the request, such as source IP address, user agent, etc. The active fingerprint includes the information in the passive fingerprint as well as information that the computing device provides upon request, such as language or display information for the device. The passive fingerprint, active fingerprint, and cookie for a request are then associated together and stored. Access to the application can be managed based on the stored fingerprints and cookies.

    ACCELERATED FACT CHECKING WITH DISTRIBUTED LEDGERS

    Publication No.: US20230102162A1

    Publication date: 2023-03-30

    Application No.: US17486403

    Filing date: 2021-09-27

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media are described for accelerated fact checking using distributed storage platforms (e.g., a blockchain or other distributed ledger) and trusted software providers. A claim for fact checking is received from a user (e.g., organization) of a software application managed by the trusted software provider. User-specific data associated with both the user and the application that is related to the claim can then be accessed (e.g., retrieved from a data store through queries). It can then be determined whether the claim is supported based on the user's own data. If the claim is supported, verification data for the claim can be generated and stored in a distributed storage platform (e.g., blockchain), where the verification data is available for others to use in fact checking.

    Smart exposure of data to known attacker sessions

    Publication No.: US11546378B2

    Publication date: 2023-01-03

    Application No.: US16552959

    Filing date: 2019-08-27

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. By recording path data representing interactions between an application and other components, it can be determined what data an attacker has received by the time malicious activity is detected. During a session with an application, queries made to a dataset by the application can be recorded. After the session is found to be malicious, the session is transferred to a cloned application session in which access to the dataset is blocked. Based on the recorded queries, an alternative dataset for queries made in the cloned application session is generated that includes a subset of the original dataset, thus limiting future queries of the attacker in the cloned application session to data already received before the malicious activity was detected.
