Abstract: Systems and methods detect and prevent changes in business applications that modify its state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.

Abstract: Systems and methods detect and prevent changes in business applications that modify its state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.

Abstract: A computer-based method of analyzing a business-critical application computer system includes extracting a plurality of software objects from the business-critical application computer system, storing the extracted software objects in a computer-based search platform, finding relationships between the extracted software objects that are stored in the computer-based search platform, and creating a database that represents the extracted software objects and the relationships between the extracted software objects. Each software object (a unique piece of code, a file, a data string, or other aspect of the business-critical application computer system) may represent an element of the business-critical application computer system whose graphical representation as a node connected to another node based on relationships, functional or otherwise, between the corresponding elements is desirable in view of a particular goal of the analysis.

Abstract: A computer-based method is disclosed for assessing impact of a patch on a target business-critical application computer system. The method includes receiving information at a computer-based impact assessment system about end-user activities on the target business-critical application computer system over a specified period of time; identifying, with a computer-based fixed objects identifier, one or more software objects in the target business-critical application computer system fixed by the patch; identifying, with a computer-based entry point finder, one or more entry points associated with the fixed software object(s) at the target business-critical application system; and cross-referencing the information about the end-user activities on the target business-critical application system against the one or more entry points associated with the fixed software object(s) at the target business-critical application system.

Abstract: A computer-based method is disclosed for checking a target computer system for unnecessary privileges. The method includes receiving, at a computer-based privileges checking system, a listing of all privileges available the target computer system; receiving, at the computer-based privileges checking system, information about end-user activities on the target computer system over a specified period of time; for each respective one of the end-user activities, querying a computer-based entry point finder for any privileges that were checked at the target system for that activity; and removing the privileges that were checked at the target system for the end-user activities from the listing of all privileges available at the target system to produce a listing of unnecessary privileges at the target system.

Abstract: Systems and methods detect and prevent changes in business applications that modify its state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.

Abstract: A computer-based method is disclosed for assessing impact of a patch on a target business-critical application computer system. The method includes receiving information at a computer-based impact assessment system about end-user activities on the target business-critical application computer system over a specified period of time; identifying, with a computer-based fixed objects identifier, one or more software objects in the target business-critical application computer system fixed by the patch; identifying, with a computer-based entry point finder, one or more entry points associated with the fixed software object(s) at the target business-critical application system; and cross-referencing the information about the end-user activities on the target business-critical application system against the one or more entry points associated with the fixed software object(s) at the target business-critical application system.

Abstract: A computer-based method is disclosed for checking a target computer system for unnecessary privileges. The method includes receiving, at a computer-based privileges checking system, a listing of all privileges available the target computer system; receiving, at the computer-based privileges checking system, information about end-user activities on the target computer system over a specified period of time; for each respective one of the end-user activities, querying a computer-based entry point finder for any privileges that were checked at the target system for that activity; and removing the privileges that were checked at the target system for the end-user activities from the listing of all privileges available at the target system to produce a listing of unnecessary privileges at the target system.

Abstract: A computer-based method of analyzing a business-critical application computer system includes extracting a plurality of software objects from the business-critical application computer system, storing the extracted software objects in a computer-based search platform, finding relationships between the extracted software objects that are stored in the computer-based search platform, and creating a database that represents the extracted software objects and the relationships between the extracted software objects. Each software object (a unique piece of code, a file, a data string, or other aspect of the business-critical application computer system) may represent an element of the business-critical application computer system whose graphical representation as a node connected to another node based on relationships, functional or otherwise, between the corresponding elements is desirable in view of a particular goal of the analysis.

Abstract: A computer-based method is disclosed for generating rules to detect security vulnerabilities in a target business-critical application computer system based on vulnerability primitives. The method includes running a computer-based entry point finder at the target business-critical application computer system so that the entry point finder can access and extract information about source code that is actually installed at the target business-critical application computer system. The computer-based entry point finder creates a graphical-style database that represents software objects extracted from the target business-critical application computer system and relationships between the extracted software objects.