-
Publication No.: US20220197998A1
Publication Date: 2022-06-23
Application No.: US17127772
Filing Date: 2020-12-18
Applicant: SAP SE
Inventor: Thomas Barber, David Klein, Martin Johns
Abstract: Various embodiments of systems and methods to track tainting information via non-intrusive bytecode instrumentation are described herein. The described techniques include, in one aspect, defining a taint-aware class to shadow an original data class. The taint-aware class includes a payload field to store objects of the original data class, a metadata field to store tainting information corresponding to the objects of the original data class, and a method proxying a corresponding method of the original data class. In another aspect, the instances of the original data class are replaced with corresponding instances of the taint-aware class in an application bytecode. Further, in yet another aspect, when executing the application in a runtime environment, the method propagates the content of the metadata field and calls the corresponding method of the original data class to manage the content of the payload field.
-
Publication No.: US20230177166A1
Publication Date: 2023-06-08
Application No.: US17542939
Filing Date: 2021-12-06
Applicant: SAP SE
Inventor: Souphiane Bensalim, Thomas Barber, David Klein, Martin Johns
IPC: G06F21/57
CPC classification number: G06F21/577, G06F2221/033
Abstract: Embodiments relate to improving accuracy of security vulnerability detection by determining a context of a data flow from a target, generating an exploit, and injecting the exploit based upon the context to create a vulnerable Uniform Resource Locator (URL). The context may comprise an HTML context, a URL context, a JavaScript context, or a JSON context. Communication of the vulnerable URL to a testing platform results in validation of the presence of a security vulnerability. Embodiments may find particular value in detecting vulnerability to a client-side XSS attack, by generating a vulnerable URL containing an exploit that is injected based upon a collected taint flow. Where the target is a website, embodiments improve accuracy of client-side XSS validation exploits by identifying which characters of a URL enter a specific context (e.g., HTML or JavaScript), and replacing these characters with a payload designed to trigger code execution for validation.
-
Publication No.: US12182273B2
Publication Date: 2024-12-31
Application No.: US17665319
Filing Date: 2022-02-04
Applicant: SAP SE
Inventor: Thomas Barber, David Klein, Martin Johns
Abstract: Code injection is a type of security vulnerability in which an attacker injects client-side scripts modifying the content being delivered. A sanitizer function may provide defense against such attacks by removing certain characters (e.g., characters causing state transitions in HTML). A string sanitizer may be modeled in order to determine its effectiveness by obtaining data flow information indicating string operations that used an input string or information derived therefrom, including a string sanitizer function. A deterministic finite automaton representing string values of the output parameter may be generated based on a graph generated from the data flow information, where the automaton accepts possible output string values of the sanitizer. It can be determined whether there is a non-empty intersection between the automaton for the sanitizer output and an automaton representing a security exploit, which would indicate that the sanitizer function is vulnerable to the exploit.
-
Publication No.: US20240291858A1
Publication Date: 2024-08-29
Application No.: US18114895
Filing Date: 2023-02-27
Applicant: SAP SE
Inventor: Cedric Hebert, Thomas Barber, Suv Sanjit Patnaik
IPC: H04L9/40
CPC classification number: H04L63/1466, H04L63/1425
Abstract: A tainting engine can work in conjunction with a syntax attack detection template to identify when a threat actor attempts a malicious attack in a cloud application scenario. Non-intrusive instrumentation can be used to provide detection of an attempted attack regardless of whether the cloud application is vulnerable to such attacks. Detection of attempted attacks can be an important part of maintaining network security, even in cases where an application itself is not vulnerable to such attacks. Further details about the attempted attack can be assembled, and a variety of actions can be taken in response to detection.
-
Publication No.: US20230252159A1
Publication Date: 2023-08-10
Application No.: US17665319
Filing Date: 2022-02-04
Applicant: SAP SE
Inventor: Thomas Barber, David Klein, Martin Johns
IPC: G06F21/57
CPC classification number: G06F21/577, G06F2221/034
Abstract: Code injection is a type of security vulnerability in which an attacker injects client-side scripts modifying the content being delivered. A sanitizer function may provide defense against such attacks by removing certain characters (e.g., characters causing state transitions in HTML). A string sanitizer may be modeled in order to determine its effectiveness by obtaining data flow information indicating string operations that used an input string or information derived therefrom, including a string sanitizer function. A deterministic finite automaton representing string values of the output parameter may be generated based on a graph generated from the data flow information, where the automaton accepts possible output string values of the sanitizer. It can be determined whether there is a non-empty intersection between the automaton for the sanitizer output and an automaton representing a security exploit, which would indicate that the sanitizer function is vulnerable to the exploit.
-
Publication No.: US11526600B2
Publication Date: 2022-12-13
Application No.: US17127772
Filing Date: 2020-12-18
Applicant: SAP SE
Inventor: Thomas Barber, David Klein, Martin Johns
Abstract: Various embodiments of systems and methods to track tainting information via non-intrusive bytecode instrumentation are described herein. The described techniques include, in one aspect, defining a taint-aware class to shadow an original data class. The taint-aware class includes a payload field to store objects of the original data class, a metadata field to store tainting information corresponding to the objects of the original data class, and a method proxying a corresponding method of the original data class. In another aspect, the instances of the original data class are replaced with corresponding instances of the taint-aware class in an application bytecode. Further, in yet another aspect, when executing the application in a runtime environment, the method propagates the content of the metadata field and calls the corresponding method of the original data class to manage the content of the payload field.