| CPC H04L 63/1433 (2013.01) | 20 Claims |

1. A method for identifying exploitable security vulnerabilities in a computing environment, the computing environment comprising a plurality of network resources and network connections therebetween, the method comprising:
using at least one computer hardware processor to perform:
obtaining metadata indicating a set of network resources in the plurality of network resources and network connections among network resources in the set of network resources;
generating, using the metadata, a first relational representation of the set of network resources, the first relational representation comprising at least one network connection table indicating network resources in the set of network resources and network connections among the network resources in the set of network resources;
generating, using the first relational representation, a second relational representation of a plurality of network paths, the second relational representation comprising at least one network path table indicating the plurality of network paths between network resources in the set of network resources, at least one of the plurality of network paths comprising one or more of the set of network resources between a pair of the set of the network resources; and
identifying, from among the plurality of network paths and using the second relational representation and information indicating one or more of the plurality of network resources that have at least one respective security vulnerability, one or more network attack paths that may be used to exploit one or more security vulnerabilities of network resources in the set of network resources.
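The following added example (not part of the patent text, and not the patentee's implementation) sketches one way the claimed steps could look using SQLite from Python: a connection table, a path table derived from it, and a join against a table of vulnerable resources. The table names, the sample data, the `entry` and `max_hops` parameters, and the rule that an attack path starts at an untrusted entry point and ends at a vulnerable resource are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample metadata: directed reachability between resources.
CONNECTIONS = [("internet", "web"), ("web", "app"), ("app", "db"),
               ("app", "web"), ("web", "cache"), ("bastion", "db")]
VULNERABLE = {"web", "db"}  # constructed: resources with a known vulnerability


def find_attack_paths(connections, vulnerable, entry="internet", max_hops=6):
    """Return paths from `entry` that end at a vulnerable resource (assumed rule)."""
    db = sqlite3.connect(":memory:")
    # First relational representation: the network connection table.
    db.execute("CREATE TABLE network_connection (src TEXT, dst TEXT)")
    db.executemany("INSERT INTO network_connection VALUES (?, ?)", connections)
    db.execute("CREATE TABLE vulnerable_resource (name TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO vulnerable_resource VALUES (?)",
                   [(name,) for name in vulnerable])
    # Second relational representation: the network path table, built from the
    # connection table. Paths are stored as '/a/b/c/' (names must not contain
    # '/'), so the instr() test rejects any hop that revisits a resource.
    db.execute("CREATE TABLE network_path "
               "(src TEXT, dst TEXT, path TEXT, hops INTEGER)")
    db.execute("""
        WITH RECURSIVE walk(src, dst, path, hops) AS (
            SELECT src, dst, '/' || src || '/' || dst || '/', 1
            FROM network_connection
            UNION ALL
            SELECT w.src, c.dst, w.path || c.dst || '/', w.hops + 1
            FROM walk AS w JOIN network_connection AS c ON c.src = w.dst
            WHERE w.hops < ? AND instr(w.path, '/' || c.dst || '/') = 0
        )
        INSERT INTO network_path SELECT src, dst, path, hops FROM walk
    """, (max_hops,))
    # Identification step: join the path table with the vulnerability data.
    rows = db.execute("""
        SELECT p.path FROM network_path AS p
        JOIN vulnerable_resource AS v ON v.name = p.dst
        WHERE p.src = ? ORDER BY p.hops, p.path
    """, (entry,)).fetchall()
    db.close()
    return [path.strip("/").split("/") for (path,) in rows]


if __name__ == "__main__":
    for attack_path in find_attack_paths(CONNECTIONS, VULNERABLE):
        print(" -> ".join(attack_path))
```

The `max_hops` bound and the cycle check keep the path table finite even when the connection table contains loops such as the constructed `app` to `web` edge.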