Abstract: Methods, systems, and devices for data processing in a computing system are described. The computing system may receive a notification of an update to network security objects hosted in diverse substrates within the computing system. The computing system may retrieve a network security policy for a service instance impacted by the update. The computing system may update the network security policy for the service instance according to a network security configuration of the hosting substrate. The computing system may translate the updated network security policy into access control lists (ACLs) for network entities managing communications between service instances within the computing system. The computing system may store the ACLs in respective data repositories that are accessible to the network entities. The computing system may transmit a notification that the ACLs are available for deployment, thereby causing the network entities to retrieve the ACLs from the respective data repositories.

Abstract: Database systems and methods are provided for securing an instance of a web application from vulnerabilities in third party libraries using a web application firewall. One method involves receiving, at a web application firewall between an application server and a client, vulnerability information associated with the web application, generating, at the web application firewall, executable code for securing the instance of the web application based at least in part on the vulnerability information, providing, by the web application firewall, the executable code to the client over a network, and thereafter detecting a vulnerable library associated with the instance of the web application, wherein the client executes the executable code to secure the instance of the web application in response to detecting the vulnerable library.

Abstract: Techniques are provided for thwarting attackers in a computing system which uses network management interfaces (NMIs). Before submitting NMI form data, a user computing device queries a server using a user id to obtain a signature which defines a shuffling map and random data such as a random key. The NMI form data is divided into portions and the random data is appended to each portion to provide respective data units, or buckets of data. The data units are then shuffled according to the shuffling map before being transmitted to a server, with the signature or an identifier of the signature included in a header. At the server, the data units are unshuffled to recover the data units, and the random data is removed to recover the form data portions. The instructions of the form data can then be executed.

Abstract: Methods, systems, and devices for data processing in a computing system are described. The computing system may receive a notification of an update to network security objects hosted in diverse substrates within the computing system. The computing system may retrieve a network security policy for a service instance impacted by the update. The computing system may update the network security policy for the service instance according to a network security configuration of the hosting substrate. The computing system may translate the updated network security policy into access control lists (ACLs) for network entities managing communications between service instances within the computing system. The computing system may store the ACLs in respective data repositories that are accessible to the network entities. The computing system may transmit a notification that the ACLs are available for deployment, thereby causing the network entities to retrieve the ACLs from the respective data repositories.

Abstract: A computer-implemented method is disclosed. The method includes receiving a request from a client device for a field value information in a view of a web client application that includes a web browser application. The method further includes generating a real value of the field value information that includes field value characters arranged in an original order, generating elements of the web browser application that includes several random characters and the field value characters, and assigning and positioning unique identity numbers within the elements. The method also includes arranging the elements in a random order different than the original order of the field value characters to form a protected text string, providing the protected text string and a protected rendering rule for rendering to the web browser application. The protected rendering rule causes the web client application to display the field value information for the intended user.

Abstract: First and second dashboards that provide a visual representation of respective intelligence information for a firewall may be generated. An indicator of correspondence between a first data element of the respective intelligence information for the first dashboard and a second data element of the respective intelligence information for the second dashboard may be displayed as an overlay of the first and second dashboards. Additionally, a guidance indicator that indicates an order to access respective values of the first dashboard, the second dashboard, and a third dashboard may be displayed based on an identifier of the first data element mapped to an identifier of the second data element and an identifier of the second data element mapped to an identifier of a third data element for the third dashboard. A summary window that provides a summary of intelligence dashboards of a user interface may be displayed.

Abstract: Devices, systems and methods are provided for remotely managing configuration of a networking device. One method of managing configuration of a networking device involves obtaining resources associated with one or more graphical user interface (GUI) displays of a web application for configuring the networking device, receiving a request to access the web application, and in response to the request, determining a representative value for the resources as a function of a current state of the resources, obtaining a reference value for the resources that reflects a validated state of the resources, and instantiating the web application using the resources when the representative value matches the reference value.

Abstract: Techniques are provided for thwarting attackers in a computing system which uses network management interfaces (NMIs). Before submitting NMI form data, a user computing device queries a server using a user id to obtain a signature which defines a shuffling map and random data such as a random key. The NMI form data is divided into portions and the random data is appended to each portion to provide respective data units, or buckets of data. The data units are then shuffled according to the shuffling map before being transmitted to a server, with the signature or an identifier of the signature included in a header. At the server, the data units are unshuffled to recover the data units, and the random data is removed to recover the form data portions. The instructions of the form data can then be executed.

Abstract: A second opened instance of a user interface may be identified based on an indication of a first instance of the user interface. An instance indication element indicating the second opened instance of the user interface may be displayed based on the identified second opened instance of the user interface. An instance indication window may be displayed based on an interaction with the instance indication element. Data fields of the instance indication window may describe the first and second opened instances of the user interface. The instance indication window may include a scrollable element to reveal, according to their opening sequence, additional data fields for additional opened instances of the user interface. Data fields of the instance indication window may be updated/modified to include new descriptions for any opened instance of the user interface. Moreover, the instance indication window includes interactive elements for closing opened instances of the user interface.

Abstract: Methods, apparatuses, and computer-program products are disclosed. A method may include activating, in a processing entity, a connection agent and a manifest, the manifest including a data signature and an endpoint type that are associated with the processing entity. The method may include generating, based on the data signature, the endpoint type, or both, one or more load balanced dynamic endpoints configured for access, by the connection agent and via one or more application programming interfaces, to a repository including access configurations for the processing entity. The method may include retrieving, via the one or more load balanced dynamic endpoints and from the repository, one or more first access configurations of the plurality of access configurations and the one or more first access configurations may be associated with the processing entity.

Abstract: Database systems and methods are provided for securing an instance of a web application from vulnerabilities in third party libraries using a web application firewall. One method involves receiving, at a web application firewall between an application server and a client, vulnerability information associated with the web application, generating, at the web application firewall, executable code for securing the instance of the web application based at least in part on the vulnerability information, providing, by the web application firewall, the executable code to the client over a network, and thereafter detecting a vulnerable library associated with the instance of the web application, wherein the client executes the executable code to secure the instance of the web application in response to detecting the vulnerable library.

Abstract: System and method for network address based blocking for multiple substrates. The method includes receiving a block request to block one or more network addresses. The method also includes storing the one or more network addresses in a block list at a database repository. The block list includes a data structure with advanced schema. The advanced schema is configurable to allow for downstream processing of the block list across multiple substrates. The block list is used to block incoming traffic from or outgoing traffic to the one or more network addresses at accounts across the multiple substrates.

Abstract: Methods and systems for data processing and troubleshooting at a query management service are described. The query management service may receive, via a proxy between the query management service and a communication service, an indication of a query from a user of the communication service. The query management service may determine an intent of the query based on using a third-party natural language processing (NLP) model and customized logic to analyze the query. The query management service may obtain query results based on executing, within a distributed computing environment that includes the query management service and a set of multi-substrate network security services, a sequence of actions, that correspond to the intent of the query. The query management service may transmit an indication of the query results to the communication service, where the query results are rendered according to feedback information received from the user.

Abstract: Methods, systems, and devices for data processing in a computing system are described. The computing system may receive a notification of an update to network security objects hosted in diverse substrates within the computing system. The computing system may retrieve a network security policy for a service instance impacted by the update. The computing system may update the network security policy for the service instance according to a network security configuration of the hosting substrate. The computing system may translate the updated network security policy into access control lists (ACLs) for network entities managing communications between service instances within the computing system. The computing system may store the ACLs in respective data repositories that are accessible to the network entities. The computing system may transmit a notification that the ACLs are available for deployment, thereby causing the network entities to retrieve the ACLs from the respective data repositories.

Abstract: A header and a timestamp element for the header may be generated based on a request to process data for a page of a user interface. A tooltip with descriptive information for the timestamp element may be generated and displayed based on proximity of an interactive element to the timestamp element, and a page representation window may be displayed based on an interaction with the timestamp element. The page representation window includes a representation of the data field and its content that is indicative of how the data field and its content existed at a time of the request to process data. Moreover, an indicator of correspondence between the timestamp element and the page representation window may be displayed. Based on interaction with a settings indicator element, a header settings window for modifying settings for the header may be displayed with view options (e.g., all, custom, etc.) for data submissions.

Abstract: A method for protecting against sensitive data disclosure includes receiving a user request to launch a web application in a web browser; loading code for the web application in the web browser; requesting session initialization from a web server; and receiving a dynamically and randomly generated URL map specific to a session from the web server, wherein the URL map identifies a plurality of randomly generated URL positions and for each URL position a randomly generated number of characters to skip. The method further includes modifying sensitive information associated with a URL in accordance with the URL map; transmitting the URL with the modified sensitive information to the web server; and receiving a requested data object from the web server, wherein the web server decoded the URL with the modified sensitive information to recover the sensitive information and used the decoded URL to access the data object.