公开(公告)号：US20240289259A1

公开(公告)日：2024-08-29

申请号：US18657412

申请日：2024-05-07

Applicant: salesforce.com, inc.

Inventor： Kaushal BANSAL ,  Prabtiat SINGH ,  Selim CIRACI

IPC: G06F11/36 ,  H04L9/40

CPC classification number: G06F11/368 ,  G06F11/3664 ,  G06F11/3692 ,  H04L63/20

Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking.

公开(公告)号：US20230247006A1

公开(公告)日：2023-08-03

申请号：US17588054

申请日：2022-01-28

Applicant: salesforce.com, inc.

Inventor： Chaitanya PEMMARAJU ,  Joshua MEIER ,  Selim CIRACI

IPC: H04L9/40

CPC classification number: H04L63/029 ,  H04L63/0245 ,  H04L63/166 ,  H04L63/20

Abstract: A network protocol and architecture for extending trust between cloud domains of a same entity comprises adding, by egress logic executing on a first server, authentication information to a packet leaving a first cloud domain of the entity to indicate a source of the packet. The egress logic allows the packet to traverse to a target cloud domain of the entity. Ingress logic executing on a second server at the target cloud domain intercepts the packet and performs validation of the authentication information. Responsive to the authentication information passing validation, the ingress logic determines that the first cloud domain is trusted and allows the packet to proceed to a destination. Responsive to the authentication information failing validation, the ingress logic rejects the packet.

公开(公告)号：US20230244594A1

公开(公告)日：2023-08-03

申请号：US17587896

申请日：2022-01-28

Applicant: salesforce.com, inc.

Inventor： Kaushal BANSAL ,  Prabhat SINGH ,  Selim CIRACI

IPC: G06F11/36

CPC classification number: G06F11/368 ,  G06F11/3692 ,  G06F11/3664 ,  H04L63/20

Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking. Other embodiments may be disclosed and/or claimed.