-
Publication No.: US20220272127A1
Publication date: 2022-08-25
Application No.: US17386870
Filing date: 2021-07-28
Applicant: Tala Security, Inc.
Inventors: Siddhesh Shripad Yawalkar, Hemant Puri, Nicholas Maxwell, Sandeep Bhatkar, Nhan Nyugen, Anindita Bhattacharjee
IPC classification: H04L29/06
Abstract: Techniques to facilitate automatic insertion of security policies for web applications are disclosed herein. In at least one implementation, security configuration information for a web application is received. A web request for a web resource is received and processed to determine an HTTP security header for insertion into a web response to the web request based on properties of the web request. The web response is intercepted and the HTTP security header is inserted into the web response to generate a modified web response. The web response is processed to determine a security enhancement to apply to the web resource based on the security configuration information. The security enhancement is applied to the web resource to generate a modified web resource. The modified web response and the modified web resource are provided to a client application in response to the web request for the web resource.
-
Publication No.: US11314862B2
Publication date: 2022-04-26
Application No.: US15953953
Filing date: 2018-04-16
Applicant: Tala Security, Inc.
Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.
-
Publication No.: US20220021691A1
Publication date: 2022-01-20
Application No.: US17375419
Filing date: 2021-07-14
Applicant: Tala Security, Inc.
Inventors: Sandeep Bhatkar, Nicholas Maxwell, Aditya Kumar, Siddhesh Yawalkar, Nhan Nguyen, Ravi Bajpai, Swapnil Bhalode, Hemant Puri
IPC classification: H04L29/06
Abstract: Techniques to facilitate protection of web application components are disclosed herein. In at least one implementation, a plurality of web resources associated with a web application is received. The plurality of web resources is processed to generate individual generalized code templates for each of the web resources by removing data constants and code formatting elements from the web resources. A set of the individual generalized code templates for each of the web resources is stored in a probabilistic data structure. A security web module comprising the probabilistic data structure having the set of the individual generalized code templates for each of the web resources stored therein is deployed to protect the web application.
-
Publication No.: US11336676B2
Publication date: 2022-05-17
Application No.: US16681548
Filing date: 2019-11-12
Applicant: Tala Security, Inc.
IPC classification: H04L29/06
Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.
-
Publication No.: US20220345497A1
Publication date: 2022-10-27
Application No.: US17729852
Filing date: 2022-04-26
Applicant: Tala Security, Inc.
IPC classification: H04L9/40
Abstract: Techniques to facilitate adaptive sampling of security policy violations are disclosed herein. In at least one implementation, a variable sampling rate for sampling a fixed amount of security policy violation reports per unit time based on a violation rate is determined. The variable sampling rate is applied to sample the fixed amount of the security policy violation reports per unit time. When the violation rate exceeds a threshold, the variable sampling rate is switched to a fixed sampling rate for sampling a variable amount of the security policy violation reports per unit time. The fixed sampling rate is applied to sample the variable amount of the security policy violation reports per unit time.
-
Publication No.: US10592676B2
Publication date: 2020-03-17
Application No.: US15796525
Filing date: 2017-10-27
Applicant: Tala Security, Inc.
Inventors: Sanjay Sawhney, Aanand Mahadevan Krishnan, Somesh Jha, Andrew Joseph Davidson, Swapnil Bhalode
Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.