-
公开(公告)号:US20200153850A1
公开(公告)日:2020-05-14
申请号:US16681548
申请日:2019-11-12
申请人: Tala Security, Inc.
IPC分类号: H04L29/06
摘要: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.
-
公开(公告)号:US11314862B2
公开(公告)日:2022-04-26
申请号:US15953953
申请日:2018-04-16
申请人: Tala Security, Inc.
摘要: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.
-
公开(公告)号:US11336676B2
公开(公告)日:2022-05-17
申请号:US16681548
申请日:2019-11-12
申请人: Tala Security, Inc.
IPC分类号: H04L29/06
摘要: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.
-
公开(公告)号:US20180121659A1
公开(公告)日:2018-05-03
申请号:US15796525
申请日:2017-10-27
申请人: Tala Security, Inc.
发明人: Sanjay Sawhney , Aanand Mahadevan Krishnan , Somesh Jha , Andrew Joseph Davidson , Swapnil Bhalode
CPC分类号: G06F21/577 , G06F21/53 , G06F21/562 , G06F21/566 , G06F2221/033
摘要: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.
-
公开(公告)号:US10592676B2
公开(公告)日:2020-03-17
申请号:US15796525
申请日:2017-10-27
申请人: Tala Security, Inc.
发明人: Sanjay Sawhney , Aanand Mahadevan Krishnan , Somesh Jha , Andrew Joseph Davidson , Swapnil Bhalode
摘要: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.
-
公开(公告)号:US20180300480A1
公开(公告)日:2018-10-18
申请号:US15953953
申请日:2018-04-16
申请人: Tala Security, Inc.
摘要: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.
-
-
-
-
-
搜索结果
6 条记录 (耗时 0.014 秒)
