Identification of a resource attack path by connecting code, configuration, and telemetry
US-2024054227-A1 · Feb 15, 2024 · US
US12438901B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12438901-B2 |
| Application number | US-202318478960-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 29, 2023 |
| Priority date | Sep 29, 2023 |
| Publication date | Oct 7, 2025 |
| Grant date | Oct 7, 2025 |
Official abstract text for this publication.
The techniques described herein relate to identifying network attack paths. An example method includes using at least one computer hardware processor to perform obtaining metadata indicating a set of network resources in a plurality of network resources and network connections among network resources in the set of network resources, generating, using the metadata, a relational representation of the set of network resources, generating, using the relational representation, a plurality of network paths between network resources in the set of network resources, and identifying, from among the plurality of network paths and using the relational representation and information indicating one or more of the plurality of network resources that have at least one respective security vulnerability, one or more network attack paths that may be used to exploit one or more security vulnerabilities of network resources in the set of network resources.
Opening claim text (preview).
What is claimed is:
1. A method for identifying exploitable security vulnerabilities in a computing environment, the computing environment comprising a plurality of network resources and network connections therebetween, the method comprising: using at least one computer hardware processor to perform: obtaining metadata indicating a set of network resources in the plurality of network resources and network connections among network resources in the set of network resources; generating, using the metadata, a first relational representation of the set of network resources, the first relational representation comprising at least one network connection table indicating network resources in the set of network resources and network connections among the network resources in the set of network resources; generating, using the first relational representation, a second relational representation of a plurality of network paths, the second relational representation comprising at least one network path table indicating the plurality of network paths between network resources in the set of network resources, at least one of the plurality of network paths comprising one or more of the set of network resources between a pair of the set of the network resources; and identifying, from among the plurality of network paths and using the second relational representation and information indicating one or more of the plurality of network resources that have at least one respective security vulnerability, one or more network attack paths that may be used to exploit one or more security vulnerabilities of network resources in the set of network resources.
2. The method of claim 1, wherein generating the first relational representation of the set of network resources using the metadata comprises generating the at least one network connection table using the metadata.
3. The method of claim 2, wherein the metadata contains information indicating values of attributes of individual network resources in the set of network resources, information indicating values of attributes of the network connections among the network resources in the set of network resources, and information indicating values of attributes of the plurality of network paths, and wherein generating the at least one network connection table using the metadata comprises: generating at least one network resource table using the information indicating the values of attributes of the individual network resources in the set of network resources; and generating the at least one network connection table using the information indicating the values of attributes of the network connections among the network resources in the set of network resources; wherein generating the second relational representation comprises generating the at least one network path table using the information indicating the values of attributes of the plurality of network paths; and the method further comprising storing the at least one network resource table, the at least one network connection table, and the at least one network path table in at least one datastore.
4. The method of claim 1, further comprising storing at least one of the first relational representation or the second relational representation in at least one datastore.
5. The method of claim 1, further comprising: after identifying the one or more network attack paths, generating at least one network attack path table storing information specifying the one or more network attack paths; and storing the at least one network attack path table in at least one datastore.
6. The method of claim 1, further comprising: generating a risk score for each of the one or more network attack paths, the risk score representing a degree to which a network attack path may be used to exploit the one or more security vulnerabilities of the network resources in the set of network resources; storing the risk score for each of the one or more network attack paths in at least one table; and outputting a ranking of the one or more network attack paths based on their respective risk scores.
7. The method of claim 1, wherein generating the plurality of network paths comprises applying a graph traversal technique to data stored in the first relational representation.
8. The method of claim 7, wherein applying the graph traversal technique comprises performing a breadth first search, a depth first search, or a combination of breadth first search and depth first search.
9. The method of claim 1, wherein a first network path of the plurality of network paths comprises a first network resource in the set of network resources, the one or more security vulnerabilities comprise a first security vulnerability, the method further comprising: determining that at least one portion of the first relational representation corresponding to the first network resource conforms to a network attack path definition defining the first security vulnerability; and identifying the first network resource to have the first security vulnerability based on the at least one portion of the first relational representation conforming to the network attack path definition.
10. The method of claim 1, further comprising: determining that a network resource in the plurality of network resources is a vulnerable network resource based on the network resource having at least one security vulnerability; determining that one or more network resources in the set of network resources have a respective network connection to the vulnerable network resource; and identifying the one or more network resources as exploitable network resources based on the one or more network resources having the respective network connection to the vulnerable network resource.
11. A network attack path identification system comprising: at least one non-transitory computer readable storage medium storing instructions; and at least one computer hardware processor to execute the instructions to perform a method for identifying exploitable security vulnerabilities in a computing environment, the computing environment comprising a plurality of network resources and network connections therebetween, the method comprising: obtaining metadata indicating a set of network resources in the plurality of network resources and network connections among network resources in the set of network resources; generating, using the metadata, a first relational representation of the set of network resources, the first relational representation comprising at least one network connection table indicating network resources in the set of network resources and network connections among the network resources in the set of network resources; generating, using the first relational representation, a second relational representation of a plurality of network paths, the second relational representation comprising at least one network path table indicating the plurality of network paths between network resources in the set of network resources, at least one of the plurality of network paths comprising one or more of the set of network resources between a pair of the set of the network resources; and identifying, from among the plurality of network paths and using the second relational representation and information indicating one or more of the plurality of network resources that have at least one respective security vulnerability, one or more network attack paths that may be used to exploit one or more security vulnerabilities of network resources in the set of network resources.
12. The network attack path identification system of claim 11, wherein the metadata contains information indicating valu
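The pipeline the abstract and claims 1 to 10 recite (a resource table and a connection table built from metadata, a path table filled by breadth-first traversal of the connection table, attack paths found by joining paths against vulnerability data, a risk score and ranking per attack path, and the "exploitable neighbour" rule of claim 10) as an added, self-contained illustration in Python with sqlite3. This is not the patent's code and not the applicant's implementation. The inventory, the attribute names (internet_exposed, port, cvss), the entry-point rule (an attack path must start at an internet-exposed resource) and the per-hop decay in the risk score are all assumptions made for the example; the patent text on this page specifies no scoring formula.

```python
"""Relational attack-path identification: constructed illustration, not the patent's code."""
import sqlite3
from collections import deque

# Constructed sample inventory (an assumption for the example, not data from the patent).
RESOURCES = [  # (resource_id, resource_type, internet_exposed)
    ("lb-1", "load_balancer", 1),
    ("web-1", "vm", 0),
    ("app-1", "vm", 0),
    ("db-1", "database", 0),
    ("admin-1", "vm", 0),
]
CONNECTIONS = [  # (source_id, target_id, port): permitted reachability between resources
    ("lb-1", "web-1", 443),
    ("web-1", "app-1", 8080),
    ("app-1", "db-1", 5432),
    ("admin-1", "db-1", 5432),
    ("admin-1", "app-1", 22),
]
VULNERABILITIES = [  # (resource_id, title, cvss) as a hypothetical scanner would report them
    ("app-1", "unauthenticated deserialization RCE", 9.8),
    ("db-1", "default administrator credentials", 7.5),
]
HOP_DECAY = 0.8  # assumed per-hop discount for the risk score; the patent gives no formula


def build_relational_representation(conn, resources, connections, vulns):
    """Claims 1-3: resource and connection tables generated from the metadata."""
    conn.executescript("""
        CREATE TABLE network_resource (
            resource_id TEXT PRIMARY KEY, resource_type TEXT, internet_exposed INTEGER);
        CREATE TABLE network_connection (
            source_id TEXT REFERENCES network_resource,
            target_id TEXT REFERENCES network_resource, port INTEGER);
        CREATE TABLE vulnerability (
            resource_id TEXT REFERENCES network_resource, title TEXT, cvss REAL);
        CREATE TABLE network_path (
            path_id INTEGER PRIMARY KEY, source_id TEXT, target_id TEXT, hops INTEGER, route TEXT);
        CREATE TABLE network_attack_path (path_id INTEGER, vuln_title TEXT, risk_score REAL);
    """)
    conn.executemany("INSERT INTO network_resource VALUES (?,?,?)", resources)
    conn.executemany("INSERT INTO network_connection VALUES (?,?,?)", connections)
    conn.executemany("INSERT INTO vulnerability VALUES (?,?,?)", vulns)


def generate_network_paths(conn, max_hops=4):
    """Claims 7-8: breadth-first traversal over the connection table; every simple
    path of up to max_hops edges is materialised into the network_path table."""
    adjacency = {}
    for src, dst in conn.execute("SELECT source_id, target_id FROM network_connection"):
        adjacency.setdefault(src, []).append(dst)
    rows = []
    for (start,) in conn.execute("SELECT resource_id FROM network_resource").fetchall():
        queue = deque([[start]])
        while queue:
            route = queue.popleft()
            if len(route) > 1:
                rows.append((route[0], route[-1], len(route) - 1, "->".join(route)))
            if len(route) - 1 >= max_hops:
                continue
            for nxt in adjacency.get(route[-1], []):
                if nxt not in route:  # simple paths only: never revisit a resource
                    queue.append(route + [nxt])
    conn.executemany(
        "INSERT INTO network_path (source_id, target_id, hops, route) VALUES (?,?,?,?)", rows)
    return len(rows)


def identify_attack_paths(conn):
    """Claims 1, 5, 6: join paths with vulnerability data, keep those that start at an
    internet-exposed resource and end at a vulnerable one, then score, store and rank."""
    query = """
        SELECT p.path_id, p.route, p.hops, p.target_id, v.title, v.cvss
        FROM network_path p
        JOIN network_resource r ON r.resource_id = p.source_id AND r.internet_exposed = 1
        JOIN vulnerability v ON v.resource_id = p.target_id
    """
    ranked = []
    for path_id, route, hops, target, title, cvss in conn.execute(query).fetchall():
        score = round(cvss * HOP_DECAY ** (hops - 1), 2)  # longer paths score lower
        conn.execute("INSERT INTO network_attack_path VALUES (?,?,?)", (path_id, title, score))
        ranked.append({"route": route, "target": target, "vuln": title, "risk": score})
    ranked.sort(key=lambda p: p["risk"], reverse=True)
    return ranked


def exploitable_neighbours(conn):
    """Claim 10: resources that have a direct connection to a vulnerable resource."""
    query = """
        SELECT DISTINCT c.source_id FROM network_connection c
        JOIN vulnerability v ON v.resource_id = c.target_id
    """
    return sorted(r for (r,) in conn.execute(query))


def analyse(resources=RESOURCES, connections=CONNECTIONS, vulns=VULNERABILITIES):
    """Run the whole pipeline in an in-memory datastore and return its outputs."""
    conn = sqlite3.connect(":memory:")
    build_relational_representation(conn, resources, connections, vulns)
    n_paths = generate_network_paths(conn)
    return {"paths": n_paths, "attack_paths": identify_attack_paths(conn),
            "exploitable": exploitable_neighbours(conn)}


if __name__ == "__main__":
    result = analyse()
    print(f"{result['paths']} network paths generated")
    for ap in result["attack_paths"]:
        print(f"risk {ap['risk']:>5}  {ap['route']}  ({ap['vuln']})")
    print("exploitable neighbours of vulnerable resources:", result["exploitable"])
```

On the constructed inventory the traversal yields nine simple paths; two of them start at the internet-exposed load balancer and end on a vulnerable resource, and the shorter path to the deserialization flaw on app-1 outranks the three-hop path to the database. The join-based design is the point of the relational representation: once paths are rows, the vulnerability feed, the entry-point rule and the scoring can each change independently without re-running the traversal.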
Vulnerability analysis · CPC title