-
Publication (Announcement) No.: US20240048593A1
Publication (Announcement) Date: 2024-02-08
Application No.: US17882436
Filing Date: 2022-08-05
Applicant: SAP SE
Inventor: Cedric Hebert, Merve Sahin
IPC: H04L9/40, G06F16/958, G06F40/143, G06F40/103
CPC classification number: H04L63/20, G06F16/986, H04L63/1433, G06F40/143, G06F40/103
Abstract: The source code of an HTML form can be analyzed to derive parameter rules that are subsequently enforced when apparent content of the HTML form is received. Such parameter rules can be drawn from client-side restrictions that are extracted from the HTML source, which are then enforced to prevent content violating the rules from reaching the backend. A proxy can sit between the application and the apparent browser. Dynamically generated HTML can be supported via a headless browser that mirrors HTML that would be present at a browser. The technique is useful for preventing HTML form-based attacks and for identifying clear cases of malicious HTML form requests.
-
Publication (Announcement) No.: US20230068346A1
Publication (Announcement) Date: 2023-03-02
Application No.: US17405267
Filing Date: 2021-08-18
Applicant: SAP SE
Inventor: Cedric R.J. Hebert, Merve Sahin
Abstract: In an example embodiment, rather than merely identifying and patching vulnerabilities, a defender in a computer system is able to utilize deception to set traps for attackers who might attack an application. In this manner, rather than the attacker merely needing one entry point to succeed, the attacker would then need to avoid all traps, and the defender only needs one trap to be alerted of the attacker. More particularly, in an example embodiment, traps are set in a way that fools attackers, by blending deceptive but believable network traffic into real traffic to and from the application.
-
Publication (Announcement) No.: US20250071133A1
Publication (Announcement) Date: 2025-02-27
Application No.: US18237834
Filing Date: 2023-08-24
Applicant: SAP SE
Inventor: Merve Sahin, Cedric Hebert
IPC: H04L9/40
Abstract: Application slicing can be applied to a web application with web application endpoints so that only the endpoints accessible by a given role are present in a given slice. Thus, role-based application slicing can be implemented. Subsequently, when requests for access to endpoints are received, the requests can be directed to a slice associated with a role of the user identifier making the request. Vulnerability chaining can thus be avoided because functionality in the slice is limited to that appropriate for the role of the user. The technologies can also be leveraged by extracting removed endpoints that can be used to detect intrusion in an active defense scenario.
-
Publication (Announcement) No.: US20240275780A1
Publication (Announcement) Date: 2024-08-15
Application No.: US18637239
Filing Date: 2024-04-16
Applicant: SAP SE
Inventor: Cedric Hebert, Anderson Santana de Oliveira, Merve Sahin
IPC: H04L9/40
CPC classification number: H04L63/0853, H04L63/0281, H04L63/083, H04L63/1416
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.
-
Publication (Announcement) No.: US20240045955A1
Publication (Announcement) Date: 2024-02-08
Application No.: US17880385
Filing Date: 2022-08-03
Applicant: SAP SE
Inventor: Merve Sahin, Cedric Hebert, Noemi Daniele, Francesco Di Cerbo
CPC classification number: G06F21/563, G06F21/552, G06N20/00, G06F2221/033
Abstract: A trained machine learning model can determine whether a portion of programming code contains a security event. The determination can be included in a security assessment. The category of security event can also be determined. During training, observed portions of programming code labeled according to whether they contain a security event and the category of security event can be tokenized. Vectors can be generated from the tokens. The machine learning model can generate a new vector for an incoming portion of programming code and compare against combined vectors for the observed portions of programming code. A security assessment can indicate whether the incoming portion of programming code contains a security event, the category of the event, or both. For training purposes, security logging statements can be removed from training code.
-
Publication (Announcement) No.: US20210160277A1
Publication (Announcement) Date: 2021-05-27
Application No.: US16696588
Filing Date: 2019-11-26
Applicant: SAP SE
Inventor: Cedric Hebert, Andrea Palmieri, Merve Sahin, Anderson Santana de Oliveira
IPC: H04L29/06
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Multi-factor fingerprints allow attackers to be distinguished from authorized users and allow different types of attacks to be distinguished. The multi-factor fingerprint can include, for example, a session identifier component, a software information component, and a hardware information component. The different components can be separately compared to components of stored fingerprints to determine whether an application session request is malicious, and if so, what type of attack, such as session cookie theft or a spoofing attack, is occurring.
-
Publication (Announcement) No.: US11979395B2
Publication (Announcement) Date: 2024-05-07
Application No.: US17034487
Filing Date: 2020-09-28
Applicant: SAP SE
Inventor: Cedric Hebert, Anderson Santana de Oliveira, Merve Sahin
CPC classification number: H04L63/0853, H04L63/0281, H04L63/083, H04L63/1416
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.
-
Publication (Announcement) No.: US11539742B2
Publication (Announcement) Date: 2022-12-27
Application No.: US16696588
Filing Date: 2019-11-26
Applicant: SAP SE
Inventor: Cedric Hebert, Andrea Palmieri, Merve Sahin, Anderson Santana de Oliveira
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Multi-factor fingerprints allow attackers to be distinguished from authorized users and allow different types of attacks to be distinguished. The multi-factor fingerprint can include, for example, a session identifier component, a software information component, and a hardware information component. The different components can be separately compared to components of stored fingerprints to determine whether an application session request is malicious, and if so, what type of attack, such as session cookie theft or a spoofing attack, is occurring.
-
Publication (Announcement) No.: US11425166B2
Publication (Announcement) Date: 2022-08-23
Application No.: US16552951
Filing Date: 2019-08-27
Applicant: SAP SE
Inventor: Cedric Hebert, Merve Sahin, Anderson Santana de Oliveira
IPC: H04L9/40, H04L67/146, H04L29/06
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.
-
Publication (Announcement) No.: US20220103545A1
Publication (Announcement) Date: 2022-03-31
Application No.: US17034487
Filing Date: 2020-09-28
Applicant: SAP SE
Inventor: Cedric Hebert, Anderson Santana de Oliveira, Merve Sahin
IPC: H04L29/06
Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.