Embodiments are directed to using a hash signature of a rendered DOM object of a website to find similar content and behavior on other websites. Embodiments break a DOM into a large number of data portions (i.e., “shingles”), apply a hashing algorithm to the shingles, select a predetermined number of hashes from the hashed shingles according to a selection criteria to create a hash signature, and compare the hash signature to that of a reference page to determine similarity of website DOM object content. Embodiments can be used to identify phishing websites, defaced websites, spam websites, significant changes in the content of a webpage, copyright infringement, and any other suitable purposes related to the similarity between website DOM object content.

A method for enforcing entitlements includes configuring a wide variety of entitlements at a server; determining applicable combination of entitlements for a given client request; sending entitlements to the requesting client securely; handling entitlement information securely on a plurality of client devices at run time; storing entitlement information securely on a plurality of client devices for offline use; and enforcing entitlements on a plurality of client devices. The method employs manipulation of manifest files by a proxy that may be included in the client device or located in the network.

The present disclosure provides a method and system for transforming web application output that is vulnerable to XSS attacks to CSP-compliant web application output. This transformation is accomplished by parsing the output code to identify headers and script and splitting the headers and script to form CSP-compliant web application output.

In one aspect, computerized method for hardening security of an application includes the step of modifying a set of instructions of an application to include at least one sensor adapted to capture a set of information snapshots from within the application in a running state. The method includes the step of analyzing, from within the application, the set of information snapshots from the at least one sensor. The method includes the step of detecting a presence, a status, and a configuration of a security defense mechanism based on an analysis of the information snapshots; invoking an appropriate hardening action to improve the security defense mechanism of the application.

A method for remotely verifying a non-resident alien's identity, includes: receiving a request to establish a communication session from a user device; analyzing the request to determine whether the user device is compromised; in response to determining that the user device is not compromised, providing a page flow to the user device to solicit information from the non-resident alien, the information including identity information associated with a local foreign government identification document (ID), and other information not shown on the local foreign government ID; querying one or more foreign governmental data stores to identify foreign data associated with the non-resident alien based on a unique identifier associated with the local foreign government ID; comparing the information with the foreign data; and verifying an identity of the non-resident alien based on the comparing, wherein the verifying includes determining that at least one of the other information matches the foreign data.

Systems and methods discussed for redirection of launch requests for local applications to corresponding remote applications, such as SaaS or network applications provided by an application server, and access of the corresponding remote application via an embedded browser of a client application. A client application executed by a client device may detect a request of a user to launch a local application of the client device. The client application may determine that the local application corresponds to a network application provided by an application server. The client application may intercept the request to launch the local application, responsive to the determination. An embedded browser of the client application may access the network application from the application server, responsive to interception of the request.

Techniques are described for promoting content items in a page to load in a different order than the order in which they were initially designated to load in the page source. A page may include critical content items designated to load earlier than non-critical content items. In instances where there is a delay due to latency in generating or retrieving the critical content items, one or more non-critical content items may be promoted to be sent earlier than initially designated. Promotion may include frame reordering, such that communication frames including non-critical content items are sent to a user device prior to the frames that include critical content items. By promoting non-critical content items to be sent during the period in which the loading of the page may otherwise be stalled, overall page load times may be reduced.

A method may include receiving a selection of a task object for execution, the task object related to an application programming interface (API), determining whether the task object includes a placeholder value in the task object, and based on the task object including a placeholder value, producing an interface via which a user submits user input related to the placeholder value as described in the task object. The method may also include replacing the placeholder value with a new value that is based on the user input received via the interface, and generating an API call to the API in a target programming language, where the API call includes the new value. The method may also include deploying the generated API call on a target platform for execution, and obtaining results of the API call.

The subject matter of this specification can be embodied in, among other things, a method that includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.

A method, computer program product and computer system are provided to promote device usage compliance. A processor retrieves a current position for a device. A processor determines at least one nearby location based on the current position of the device. A processor retrieves search data regarding the at least one nearby location. A processor determines compliance information regarding the at least one location based, at least in part, on the search data. A processor configures the device based on the compliance information regarding the at least one location.