Abstract: Various embodiments comprise systems and methods to generate privacy audit reports for web applications. In some examples a computing system comprises a data extraction component, a risk assessment component, and an exposure component. The data extraction component crawls a web application and identifies data, data exposure points, and security policies implemented by the web application. The risk assessment component generates a risk score for the web application based on the amount data, the data sensitivity, the amount and type of data exposure points, and the security policies. The risk assessment component generates the privacy audit report for the web application. The privacy audit report comprises the risk score, an inventory of data types, an inventory of the data exposure points, and a graphical representation of historical risk scores. The exposure component transfers the privacy audit report for delivery to an operator of the web application.

Abstract: The technology described herein is directed towards a system that provides a user propagated search platform. The system maintains campaign data for offers that when active, are made available to users of the platform. When a user of a (typically mobile) device selectively attaches to an active offer, the user device clones that offer, and as the user device travels, propagates the clone of the offer to other users (their user devices) for potential attachment. Those other users can in turn attach to the clone, to facilitate further propagation. The campaign data, as provided by a campaign producer such as a merchant, can specify various parameters, including location areas for attachment and clone travel, start and end times for a campaign's offer, different zones that can control different clone-related actions, and incentives for a user to attach to and propagate a clone of an offer.

Abstract: Techniques to facilitate adaptive sampling of security policy violations are disclosed herein. In at least one implementation, a variable sampling rate for sampling a fixed amount of security policy violation reports per unit time based on a violation rate is determined. The variable sampling rate is applied to sample the fixed amount of the security policy violation reports per unit time. When the violation rate exceeds a threshold, the variable sampling rate is switched to a fixed sampling rate for sampling a variable amount of the security policy violation reports per unit time. The fixed sampling rate is applied to sample the variable amount of the security policy violation reports per unit time.

Abstract: Techniques to facilitate automatic insertion of security policies for web applications are disclosed herein. In at least one implementation, security configuration information for a web application is received. A web request for a web resource is received and processed to determine an HTTP security header for insertion into a web response to the web request based on properties of the web request. The web response is intercepted and the HTTP security header is inserted into the web response to generate a modified web response. The web response is processed to determine a security enhancement to apply to the web resource based on the security configuration information. The security enhancement is applied to the web resource to generate a modified web resource. The modified web response and the modified web resource are provided to a client application in response to the web request for the web resource.

Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: Techniques to facilitate protection of web application components are disclosed herein. In at least one implementation, a plurality of web resources associated with a web applications is received. The plurality of web resources is processed to generate individual generalized code templates for each of the web resources by removing data constants and code formatting elements from the web resources. A set of the individual generalized code templates for each of the web resources is stored in a probabilistic data structure. A security web module comprising the probabilistic data structure having the set of the individual generalized code templates for each of the web resources stored therein is deployed to protect the web application.

Abstract: The technology described herein is directed towards a system that provides a user propagated search platform. The system maintains campaign data for offers that when active, are made available to users of the platform. When a user of a (typically mobile) device selectively attaches to an active offer, the user device clones that offer, and as the user device travels, propagates the clone of the offer to other users (their user devices) for potential attachment. Those other users can in turn attach to the clone, to facilitate further propagation. The campaign data, as provided by a campaign producer such as a merchant, can specify various parameters, including location areas for attachment and clone travel, start and end times for a campaign's offer, different zones that can control different clone-related actions, and incentives for a user to attach to and propagate a clone of an offer.

Abstract: Techniques to facilitate operation of a centralized trust authority for web application components are disclosed herein. In at least one implementation, a plurality of web resources used to construct web applications is received. Over a secure application programming interface (API), component registration information associated with each of the plurality of web resources is received, provided by producers of the web resources. The plurality of web resources is analyzed to determine unique identities and security attributes for each of the web resources. A plurality of security risk factors is identified for each of the plurality of web resources based on the component registration information and the security attributes determined for each of the web resources. A security profile is generated for each of the plurality of web resources based on the security risk factors identified for each of the web resources.

Abstract: In a turbomachine having an inlet, a compressor, and a turbine, a closed loop sends fluid from a stage of the compressor to a heat exchanger in the turbine and to the inlet. The closed loop heats the fluid, cools the turbine, and delivers heated fluid to the inlet. A mixer can be interposed between the heat exchanger and the inlet to mix fluid from the heat exchanger with compressor discharge fluid, delivering the mixed fluid to the inlet. The mixer can control flow received so that desired temperature and/or flow rate can be provided to the inlet.

Abstract: A computer-implemented method for enhancing social networking content may include 1) identifying social networking content accessed from a social networking site, 2) parsing the social networking content to identify at least one content item that is potentially referenced in at least one of a plurality of social networking sites, 3) searching the plurality of social networking sites for an additional content item that relates to the content item, and 4) enhancing the social networking content with the additional content item. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In a turbomachine having an inlet, a compressor, and a turbine, a closed loop sends fluid from a stage of the compressor to a heat exchanger in the turbine and to the inlet. The closed loop heats the fluid, cools the turbine, and delivers heated fluid to the inlet. A mixer can be interposed between the heat exchanger and the inlet to mix fluid from the heat exchanger with compressor discharge fluid, delivering the mixed fluid to the inlet. The mixer can control flow received so that desired temperature and/or flow rate can be provided to the inlet.

Abstract: A computer-implemented method for using cloud-based storage to optimize data-storage operations may include: 1) receiving a request from a client device for instructions or directions for storing a data object, 2) accessing a data-placement policy that contains criteria for identifying storage systems suitable for storing the data object, 3) identifying, based at least in part on the data-placement policy, a plurality of storage systems for storing the data object, at least one of the storage systems including a third-party Internet-based storage system, and then 4) directing the client device to store the data object on the identified storage systems.

Abstract: A computer-implemented method for monitoring a mobile-computing device using geo-location information is disclosed. The method may include a learning phase. During the learning phase, a user may be located within a first range of physical locations during a recurring time period. The method may include generating a location profile for a mobile-computing device of the user and receiving a device-monitoring policy for the mobile-computing device from an administrator. The location profile may correlate the first range of physical locations with the recurring time period. The method may further include detecting, after the learning phase, that the mobile-computing device is outside the first range of physical locations during a first instance of the recurring time period. The method may also include implementing the device-monitoring policy after detecting that the mobile-computing device is outside the first range of physical locations during the first instance of the recurring time period.

Abstract: A method processing one or more files using a security application. The method includes a method processing one or more files using a security application. The method includes connecting the client to a proxy server, which is coupled to one or more NAS servers. The method includes requesting for a file from a client to the proxy server and authenticating a requesting user of the client. The method also includes authorizing the requesting user for the file requested; requesting for the file from the one or more NAS servers after authenticating and authorizing; and requesting for the file from the one or more storage elements. The file is transferred from the one or more storage elements through the NAS server to the proxy server. The method determines header information on the file at the proxy server and identifies a policy based upon the header information at the proxy server. The method also includes processing (e.g.

Abstract: A method processing one or more files using a security application. The method includes a method processing one or more files using a security application. The method includes connecting the client to a proxy server, which is coupled to one or more NAS servers. The method includes requesting for a file from a client to the proxy server and authenticating a requesting user of the client. The method also includes authorizing the requesting user for the file requested; requesting for the file from the one or more NAS servers after authenticating and authorizing; and requesting for the file from the one or more storage elements. The file is transferred from the one or more storage elements through the NAS server to the proxy server. The method determines header information on the file at the proxy server and identifies a policy based upon the header information at the proxy server. The method also includes processing (e.g.

Abstract: A method for reconfiguring network security devices coupled to a network directory services server, the network directory services server providing network directory services to the network security devices, includes the steps of storing configuration data for a first network security device at a pre-determined directory location, copying the configuration data from the predetermined directory location to a directory used by the first network security device using the network directory services in response to a first reconfigure request, and updating configuration of the first network security device according to the configuration data in the directory used by the first network security device.

Abstract: A method for configuring a plurality of network security devices, includes the steps of providing a network directory services server providing network directory services to a plurality of network servers, each of the plurality of network servers coupled to one of the plurality of network security devices, implementing a security policy for the plurality of network security devices on the network directory services server, and using the network directory services to provide configuration information for the plurality of network security devices, in response to the security policy.