Abstract: Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. An entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity.

Abstract: A virtual asset creation template associated with a class of virtual assets is identified and analyzed to identify and remedy vulnerabilities in the virtual asset creation template. If no vulnerability is identified in the virtual asset creation template, or once each vulnerability identified in the virtual asset creation template is remedied, each virtual asset of the virtual asset class generated using the virtual asset creation template is assigned an initial status of verified virtual asset. Instructions are generated for monitoring and detecting one or more trigger events in assets as well as instructions for implementing at least one responsive action associated with each of the one or more trigger events. Assets monitor and detect one or more trigger events and associated responsive actions are then performed upon the trigger event being detected.

Abstract: A method and system for automating threat model generation and pattern identification for an application includes identifying components of an application, and receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats. The method further receives an identification of external events, and receiving first patterns from one or more first virtual assets. A database is populated with the first patterns and the external events and then second patterns are received and compared to the first patterns. The method and system include distributing the identification of the one of the external events to the one or more second virtual assets, if the second patterns are similar to the first patterns, according to one embodiment.

Abstract: An application is implemented in the production environment in which the application will be used. Fabricated user data associated with the application implemented in the production environment is then generated and provided to the application as implemented in the production environment. The fabricated user data is then processed by the application in the production environment to transform the fabricated user data into fabricated user results data. In one embodiment, the fabricated user results data is then analyzed to evaluate the production environment and/or operation of the application in the production environment.

Abstract: One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.

Abstract: An application is implemented in the production environment in which the application will be used. Two or more backend systems are used to implement different versions of the application using the production environment in which the application will actually be used and accessed. Actual user data is received. A first portion of the actual user data is routed and processed in the production environment using a first version of the application and a first backend system of the two or more backend systems. A second portion of the actual user data is also routed and processed in the production environment but using a second version of the application and a second backend system of the two or more backend systems. The results data is then analyzed to evaluate the various versions of the application in the production environment.

Abstract: A method and system for automating threat model generation and pattern identification for an application includes identifying components of an application, and receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats. The method further receives an identification of external events, and receiving first patterns from one or more first virtual assets. A database is populated with the first patterns and the external events and then second patterns are received and compared to the first patterns. The method and system include distributing the identification of the one of the external events to the one or more second virtual assets, if the second patterns are similar to the first patterns, according to one embodiment.

Abstract: Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. An entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity.

Abstract: Asset security compliance data ensuring defined asset security policies are applied to the creation and/or operation of assets to be used to implement an application and application deployment security compliance data for ensuring compliance with one or more application deployment security policies associated with the deployment of assets used to implement the application is generated. The asset security compliance data is then used to ensure each asset used to implement the application is created and used in compliance with asset security policies and the application deployment security compliance data is used to ensure that each asset used to implement the application is deployed in compliance with the application deployment security policies.

Abstract: A virtual asset creation template associated with a class of virtual assets is identified and analyzed to identify and remedy vulnerabilities in the virtual asset creation template. If no vulnerability is identified in the virtual asset creation template, or once each vulnerability identified in the virtual asset creation template is remedied, each virtual asset of the virtual asset class generated using the virtual asset creation template is assigned an initial status of verified virtual asset. Instructions are generated for monitoring and detecting one or more trigger events in assets as well as instructions for implementing at least one responsive action associated with each of the one or more trigger events. Assets monitor and detect one or more trigger events and associated responsive actions are then performed upon the trigger event being detected.

Abstract: A method and system for automating threat model generation for an application includes identifying components of an application, receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats, determining whether the security measures sufficiently address security risks associated with the security threats, and providing a threat model that includes a report that identifies components of the application that have been sufficiently (or insufficiently) secured from the security threats, according to one embodiment. In one embodiment, determining whether the security measures sufficiently address the security risks can include transmitting first queries, receiving responses to the first queries, and transmitting subsequent queries based at least in part on the responses to the first queries.

Abstract: One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.

Abstract: Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. At least one entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the at least one entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity.

Abstract: Virtual resource specific discovery agents are instantiated in a first computing environment including internal resource specific data collection logic for directing and allowing the virtual resource specific discovery agents to collect data from a specific resource, or resource type, assigned to the virtual resource specific discovery agents. The virtual resource specific discovery agents then collect data from the specific resource, or resource type, assigned to the virtual resource specific discovery agents and provide the data collected from the specific resource, or resource types to a computing environment modeling system. The computing environment modeling system then transforms the data into description data for the computing environment indicating a state of the first computing environment at a given time.

Abstract: An application is implemented in the production environment in which the application will be used. Two or more backend systems are used to implement different versions of the application using the production environment in which the application will actually be used and accessed. Actual user data is received. A first portion of the actual user data is routed and processed in the production environment using a first version of the application and a first backend system of the two or more backend systems. A second portion of the actual user data is also routed and processed in the production environment but using a second version of the application and a second backend system of the two or more backend systems. The results data is then analyzed to evaluate the various versions of the application in the production environment.

Abstract: A virtual asset creation template associated with a class of virtual assets is identified and analyzed to identify any vulnerabilities in the virtual asset creation template. If one or more vulnerabilities are identified in the virtual asset creation template, an appropriate remedy for each identified vulnerability identified in the virtual asset creation template is applied. If no vulnerability is identified in the virtual asset creation template, or once each vulnerability identified in the virtual asset creation template is remedied, each virtual asset of the virtual asset class generated using the virtual asset creation template is assigned an initial status of verified virtual asset.

Abstract: An application is implemented in the production environment in which the application will be used. Two or more backend systems are used to implement different versions of the application using the production environment in which the application will actually be used and accessed. Actual user data is received. A first portion of the actual user data is routed and processed in the production environment using a first version of the application and a first backend system of the two or more backend systems. A second portion of the actual user data is also routed and processed in the production environment but using a second version of the application and a second backend system of the two or more backend systems. The results data is then analyzed to evaluate the various versions of the application in the production environment.

Abstract: One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.

Abstract: A method and system for automating threat model generation for an application includes identifying components of an application, receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats, determining whether the security measures sufficiently address security risks associated with the security threats, and providing a threat model that includes a report that identifies components of the application that have been sufficiently (or insufficiently) secured from the security threats, according to one embodiment. In one embodiment, determining whether the security measures sufficiently address the security risks can include transmitting first queries, receiving responses to the first queries, and transmitting subsequent queries based at least in part on the responses to the first queries.

Abstract: Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. At least one entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the at least one entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity.