-
Publication No.: US12182273B2
Publication date: 2024-12-31
Application No.: US17665319
Filing date: 2022-02-04
Applicant: SAP SE
Inventor: Thomas Barber , David Klein , Martin Johns
Abstract: Code injection is a type of security vulnerability in which an attacker injects client-side scripts modifying the content being delivered. A sanitizer function may provide defense against such attacks by removing certain characters (e.g., characters causing state transitions in HTML). A string sanitizer may be modeled in order to determine its effectiveness by obtaining data flow information indicating string operations that used an input string or information derived therefrom, including a string sanitizer function. A deterministic finite automaton representing string values of the output parameter may be generated based on a graph generated from the data flow information, where the automaton accepts possible output string values of the sanitizer. It can be determined whether there is a non-empty intersection between the automaton for the sanitizer output and an automaton representing a security exploit, which would indicate that the sanitizer function is vulnerable to the exploit.
-
Publication No.: US11386214B2
Publication date: 2022-07-12
Application No.: US16218781
Filing date: 2018-12-13
Applicant: SAP SE
Inventor: Martin Johns
Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web browser can receive a document comprising a plurality of data elements including a secure element that comprises an encrypted value. An extension component may generate a secure container element to replace the secure element. The extension component can also insert a subdocument into the secure container element. The web browser may be configured to prevent web applications from accessing the subdocument. The extension component may also decrypt the encrypted value to generate a clear value and write the clear value to the subdocument. The web browser may render the document using the clear value.
-
Publication No.: US11374966B2
Publication date: 2022-06-28
Application No.: US16218752
Filing date: 2018-12-13
Applicant: SAP SE
Inventor: Martin Johns
IPC: G06F16/245 , G06F16/25 , G06F16/248 , G06F16/22 , H04L9/40
Abstract: Methods, systems, and computer-readable storage media for receiving, by a database connector having a taint extension, a SQL request from an application, sending, by the taint extension, the SQL request to a SQL parser, receiving, by the taint extension, a structural representation of the SQL request from the SQL parser, adding, by the taint extension, taint information corresponding to data within the SQL request to provide an enhanced SQL statement, and transmitting, by the database connector, the enhanced SQL statement to a database for storing the taint information with the data.
-
Publication No.: US10552642B2
Publication date: 2020-02-04
Application No.: US15650064
Filing date: 2017-07-14
Applicant: SAP SE
Inventor: Benny Rolle , Martin Johns
Abstract: Data use restrictions are linked with a data value for a data instance, such as in a data type implementation. The data use restrictions can be compared with a purpose associated with an operation request, such as an operation request from a software application, to determine whether the operation is permitted or prohibited. The data use restrictions can be automatically propagated to derivative data. Log entries can be generated for operations involving the data. The data use restrictions can include a data subject identifier and a data identifier, which may be used to locate related data and data associated with a particular data subject.
-
Publication No.: US10397243B2
Publication date: 2019-08-27
Application No.: US14341585
Filing date: 2014-07-25
Applicant: SAP SE
Inventor: Martin Johns , Sebastian Lekies
IPC: H04L29/06 , H04L29/08 , G06F16/958 , G06F21/44
Abstract: A widget generator may be configured to provide, to a browser application, a widget that is executable to be rendered in conjunction with a page rendered by the browser application. A protection manager may be configured to provide, to the browser application and in conjunction with the widget, a protection script that is executable within a page context of the page and separate from a widget context of the widget. The protection script, during execution, validates a condition associated with a frame of the page that is used to render the widget, and enables functionality of the widget within the page, based on validation of the condition.
-
Publication No.: US20190228150A1
Publication date: 2019-07-25
Application No.: US15880398
Filing date: 2018-01-25
Applicant: SAP SE
Inventor: Martin Johns
Abstract: Embodiments protect against security vulnerabilities arising from 3rd party JavaScript code. A browser receives from a server, a document including a first JavaScript. The browser in turn references a list stored in a database to recognize the first JavaScript as originating from other than the server. This recognition process may involve obtaining a stacktrace. The browser then references a second JavaScript in order to instrument a document object model (DOM) feature (e.g., global API, DOM element-attached API, DOM node property) to sanitize the first JavaScript. For instrumenting a global API, this may comprise overwriting a global reference in the first JavaScript with a replacement reference to a sanitization function. For instrumenting the DOM element-attached API or the DOM node property, the instrumenting may comprise altering a prototype of the DOM node element. The browser causes the DOM feature to sanitize the first JavaScript, and passes a sanitized JavaScript for execution.
-
Publication No.: US10339311B2
Publication date: 2019-07-02
Application No.: US15435961
Filing date: 2017-02-17
Applicant: SAP SE
Inventor: Martin Haerterich , Martin Johns
Abstract: Various examples are directed to detecting anomalous modifications to a software component. For example, a computing device may receive, from a version control system, version metadata describing properties of a plurality of commits for the software component. The computing device may generate a plurality of commit clusters based, at least in part, on the properties of the plurality of commits. The computing device may determine a first anomalous commit of the plurality of commits and generate an alert message indicating a first code segment modified by the first commit.
-
Publication No.: US20190020683A1
Publication date: 2019-01-17
Application No.: US15650974
Filing date: 2017-07-17
Applicant: SAP SE
Inventor: Martin Haerterich , Martin Johns , Marius Musch
IPC: H04L29/06
Abstract: Various embodiments of systems, computer program products, and methods to automatically generate low-interaction honeypots to protect application landscapes are described herein. In an aspect, representative applications associated with resources in a network are identified. The low-interaction honeypots are automatically generated for the identified representative applications. Further, the representative applications are probed to retrieve responses corresponding to different requests. Templates are generated corresponding to request-response pairs by parsing the responses and the requests. During operation, new requests for accessing the resources are responded to based on the generated templates. The new requests and corresponding responses are recorded.
-
Publication No.: US20190018985A1
Publication date: 2019-01-17
Application No.: US15650064
Filing date: 2017-07-14
Applicant: SAP SE
Inventor: Benny Rolle , Martin Johns
CPC classification number: G06F21/71 , G06F16/14 , G06F21/6209 , H04L29/06 , H04L67/1097 , H04M3/38
Abstract: Data use restrictions are linked with a data value for a data instance, such as in a data type implementation. The data use restrictions can be compared with a purpose associated with an operation request, such as an operation request from a software application, to determine whether the operation is permitted or prohibited. The data use restrictions can be automatically propagated to derivative data. Log entries can be generated for operations involving the data. The data use restrictions can include a data subject identifier and a data identifier, which may be used to locate related data and data associated with a particular data subject.
-
Publication No.: US20180349602A1
Publication date: 2018-12-06
Application No.: US15615603
Filing date: 2017-06-06
Applicant: SAP SE
Inventor: Martin Johns
Abstract: A web application security testing framework includes an HTTP browser engine replaying recorded sessions to identify candidate traces indicative of attack. A mutation engine changes values in the attack candidate traces to generate additional traces posed against a virtualized server-side platform. The virtualized server-side platform creates snapshots of application state for testing, avoiding permanent damage to application persistence. The virtualized server-side platform includes persistence monitoring sensors (e.g., at connectors to the database or file system) for detecting vulnerability classes including Cross-Site Request Forgery (CSRF) and SQL injection attacks. For remote command execution attack detection, a server-side vulnerability validation interface records strings passed to code-generating application program interfaces (APIs). For possible Cross-Site Scripting (XSS) attacks, the mutation engine may detect HTTP responses for examination of generated web code, and the HTTP browser may be extended to include a vulnerability validation API that is automatically called by successfully injected attack payloads.