Collaborative application security
    31.
    Granted patent

    Publication No.: US11429716B2

    Publication date: 2022-08-30

    Application No.: US16696594

    Filing date: 2019-11-26

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for collaboratively securing software applications are provided herein. Through a collaborative approach, the described examples allow detection and management of unauthorized users across applications and application suites. By communicating details regarding cyber-attacks among applications, threats to applications can be managed pre-emptively. For example, applications can use attacks on other applications to implement new honeytokens, threat detection points, and blacklisted usernames or other identifiers to limit data access in future attacks.

    AUTOMATIC GENERATION OF DECEPTIVE API ENDPOINTS

    Publication No.: US20220109692A1

    Publication date: 2022-04-07

    Application No.: US17062903

    Filing date: 2020-10-05

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.

    Attacker detection via fingerprinting cookie mechanism

    Publication No.: US11212281B2

    Publication date: 2021-12-28

    Application No.: US16549087

    Filing date: 2019-08-23

    Applicant: SAP SE

    Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting cyber-attack. In an embodiment, a server receives a request to an application from a user device. The server determines that there is no cookie in the received request. The server then generates a new fingerprinting cookie and sends a verification request to the user device to verify the identity of a user. When the server receives the verification reply from the user device, the server determines that the verification reply is valid, marks the new cookie as a verified cookie, and transfers the request to the application for processing. The server can also unverify the verified cookie when the verified cookie is included in a malicious request. The server can determine that a request is malicious by analyzing functions the user wishes to perform using the request.

    Generation of honeypot data
    34.
    Granted patent

    Publication No.: US10958685B2

    Publication date: 2021-03-23

    Application No.: US16211802

    Filing date: 2018-12-06

    Applicant: SAP SE

    Abstract: Data is received that includes a plurality of fields. These fields are modified using at least one differential privacy algorithm to result in fake data. This fake data is subsequently used to seed and enable a honeypot so that access to such honeypot and fake data can be monitored and/or logged. Related apparatus, systems, techniques and articles are also described.

    IDENTIFIER-BASED APPLICATION SECURITY

    Publication No.: US20210067551A1

    Publication date: 2021-03-04

    Application No.: US16552951

    Filing date: 2019-08-27

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.

    Generation of Honeypot Data
    36.
    Patent application

    Publication No.: US20200186567A1

    Publication date: 2020-06-11

    Application No.: US16211802

    Filing date: 2018-12-06

    Applicant: SAP SE

    Abstract: Data is received that includes a plurality of fields. These fields are modified using at least one differential privacy algorithm to result in fake data. This fake data is subsequently used to seed and enable a honeypot so that access to such honeypot and fake data can be monitored and/or logged. Related apparatus, systems, techniques and articles are also described.

    Software development using multi-domain decision management

    Publication No.: US09798526B2

    Publication date: 2017-10-24

    Application No.: US14978713

    Filing date: 2015-12-22

    Applicant: SAP SE

    CPC classification number: G06F8/35 G06N5/02

    Abstract: A multi-domain decision manager facilitates software development of a software application across knowledge domains, based on relationships between a first knowledge domain and a second knowledge domain. The multi-domain decision manager includes an assessment engine configured to construct a first assessment as an instantiation of a first knowledge base model of the first knowledge domain, and a second assessment as an instantiation of a second knowledge base model of the second knowledge domain. A relationship engine may be configured to characterize relationships between the first assessment and the second assessment, wherein the relationships characterize a likelihood that inclusion of a first selectable assessment option of the first assessment is associated with inclusion of a second selectable assessment option of the second assessment. A relationship analyzer may be configured to provide a relationship analysis characterizing a cumulative impact of the relationships on the first assessment and the second assessment.
