Abstract: A method includes extracting from a computer-based system, (e.g., a role-based access control system) information identifying users and information identifying one or more profiles for each of the users, creating one computer-based user bloom filter for each one of the users, creating one computer-based profile bloom filter for each one of the profiles and creating one action bloom filter for each of a plurality of possible end user queries. Each profile corresponds to one or more assigned authorizations, each user bloom filter correlates an associated one of the users to one or more of the assigned profiles, each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations, and each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.

Abstract: A method includes extracting from a computer-based system, (e.g., a role-based access control system) information identifying users and information identifying one or more profiles for each of the users, creating one computer-based user bloom filter for each one of the users, creating one computer-based profile bloom filter for each one of the profiles and creating one action bloom filter for each of a plurality of possible end user queries. Each profile corresponds to one or more assigned authorizations, each user bloom filter correlates an associated one of the users to one or more of the assigned profiles, each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations, and each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.

Abstract: A system for providing automated computer security compromise as a service, contains a web server having a web front end running on the web server. The Web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one reporter generator component generates reports based on the reporting tasks tickets generated by the command and control service.

Abstract: A system for providing automated computer security compromise as a service, contains a web server having a web front end running on the web server. The Web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one reporter generator component generates reports based on the reporting tasks tickets generated by the command and control service.