Patent classifications
G06F21/52
Visualization of code execution through line-of-code behavior and relation models
Disclosed herein are techniques for visualizing and configuring controller function sequences. Techniques include identifying at least one executable code segment associated with a controller; analyzing the at least one executable code segment to determine at least one function and at least one functional relationship associated with the at least one code segment; constructing a software functionality line-of-code behavior and relation model visually depicting the determined at least one function and at least one functional relationship; displaying the software functionality line-of-code behavior and relation model at a user interface; receiving a first input at the interface; in response to the received first input, animating the line-of-code behavior and relation model to visually depict execution of the at least one executable code segment on the controller; receiving a second input at the interface; and in response to the received second input, animating an update to the line-of-code behavior and relation model.
System and method for active cyberattack defense
Computing systems with dynamic architectures may be used to secure against code-injection attacks and other exploits. A system may generate multiple representations of instructions or other data associated with each of a set of configurations of the system. The system may periodically or randomly change configurations such that malicious code that is executable in one configuration cannot be executed in another configuration. A system may also detect malicious code by comparing code previously generated in one representation with different representations of the same code. If, during execution of a representation of a program code, the system determines that the representation specifies instructions that differ from other representations of the same program code, the system may stop executing the compromised program code, change its configuration, and continue to execute another representation of the program code that has not been compromised.
System and method for fine and coarse anomaly detection with multiple aggregation layers
Embodiments address the problem of detecting anomalies in data sets with respect to well-defined normal behavior. Deviations of data collected in real-time are detected using a previously observed distribution of data known to be benign. Embodiments provide techniques to detect varying types of anomalies by creating multiple aggregation layers having varying granularities on top of the lowest level of data collection. This allows detection of fine anomalies that strongly impact single data points, as well as coarse anomalies that affect multiple data points less strongly. Machine learning models are trained and used to compare real-time data sets against behavior of a benign data set in order to detect differences and to flag anomalous behavior.
Secure web framework
There is disclosed a method of preventing privileged web browser extensions installed in a web browser from interfering in interactions between a user of the web browser and a web application server accessible via the web browser, the method including transmitting a web browser-intelligible file to the web browser (including a custom element designating an enclave portion); creating a sandboxed page; copying at least part of the enclave portion to the sandboxed page to create a local enclave; embedding the sandboxed page in a first iframe for rendering; embedding the first iframe in a second iframe; providing an API for the local enclave using web-accessible resources for access to entities outside the local enclave; providing a software agent in the second iframe to act as a proxy between the first iframe and external entities; and encapsulating the second iframe in a shadow document object model associated with a host page.
Applying machine learning techniques to discover security impacts of application programming interfaces
A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
Malicious software detection based on API trust
Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.
Active base apparatus
In accordance with some embodiments, an apparatus for privacy protection is provided. The apparatus includes a housing arranged to hold a personal communication device and a peripheral interface supported by the housing, where the peripheral interface is connectable to a supplemental functional device. The apparatus further includes a local communication device coupled to the peripheral interface and supported by the housing, where the local communication device includes a personal communication device interface modem operable to provide a communication channel between the peripheral interface and the personal communication device. The apparatus further includes a controller coupled to the peripheral interface and the local communication device, where the controller is operable to manage the communication channel between the supplemental functional device and the personal communication device.