Internet security analysis system and process
Reexamination Certificate
2006-02-07
Smithers, Matthew (Department: 2137)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C726S022000
active
06996845
ABSTRACT:
An automated Web security analysis system and process identifies security vulnerabilities in a target Internet Web site by parsing through the target Web site to search for a predetermined list of common security vulnerabilities. The process is recursive, exploiting information gathered throughout the process to search for additional security vulnerabilities. A prioritized list of detected security vulnerabilities is then presented to a user, including preferably a list of recommendations to eliminate the detected security vulnerabilities.
REFERENCES:
patent: 4975950 (1990-12-01), Lentz
patent: 5121345 (1992-06-01), Lentz
patent: 5421006 (1995-05-01), Jablon et al.
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5454000 (1995-09-01), Dorfman
patent: 5509076 (1996-04-01), Sprunk
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5684957 (1997-11-01), Kondo et al.
patent: 5699403 (1997-12-01), Ronnen
patent: 5795942 (1998-08-01), Esbensen
patent: 5805801 (1998-09-01), Holloway et al.
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5870559 (1999-02-01), Leshem et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5919258 (1999-07-01), Kayashima et al.
patent: 5931946 (1999-08-01), Terada et al.
patent: 5958008 (1999-09-01), Pogrebisky et al.
patent: 5961644 (1999-10-01), Kurtzberg et al.
patent: 5974549 (1999-10-01), Golan
patent: 5982890 (1999-11-01), Akatsu
patent: 5983348 (1999-11-01), Ji
patent: 5991881 (1999-11-01), Conklin et al.
patent: 6044398 (2000-03-01), Marullo et al.
patent: 6138157 (2000-10-01), Welter et al.
patent: 6145003 (2000-11-01), Sanu et al.
patent: 6185689 (2001-02-01), Todd et al.
patent: 6185701 (2001-02-01), Marullo et al.
patent: 6584569 (2003-06-01), Reshef et al.
patent: 6631408 (2003-10-01), Welter et al.
patent: 2002/0023059 (2002-02-01), Bari et al.
patent: 36 21 106 (1968-01-01), None
patent: 0 329 415 (1989-08-01), None
patent: 6324972 (1994-11-01), None
patent: 07262135 (1995-10-01), None
patent: 11316677 (1999-11-01), None
patent: WO 98/42103 (1998-09-01), None
patent: WO 99/21335 (1999-04-01), None
patent: WO 99/35583 (1999-07-01), None
patent: WO 99/56195 (1999-11-01), None
patent: WO 99/56196 (1999-11-01), None
patent: WO 99/59292 (1999-11-01), None
patent: WO 99/68383 (1999-12-01), None
Garfinkel, Simson et al., “Secure CGI/API Programming,” www.w3journal.com, Excerpted from Web Security & Commerce, 1997, pp. 1-16, O'Reilly & Associates.
Puppy, Rain Forest, “A look at whisker's anti-IDS tactics: Just how bad can we ruin a good thing?,” www.wiretrip.net, pp. 1-8.
“The ELZA” and “The ELZA Project Manifesto,” www.stoev.org, pp. 1-4.
Stewart, John N., “Tools for Web Security,” webserver.cpg.com, Jan. 1998, pp. 1-4.
Mudge, “BoS: test-cgi problem,” www.tao.ca, Apr. 22, 1996, pp. 1-2.
Puppy, Rain Forest, “Linux Weekly News,” old.lwn.net, Oct. 20, 1999, pp. 1-2.
Farmer, Dan et al., “Improving the Security of Your Site by Breaking into it,” www.fish.com, 1993, pp. 1-18.
Halperin, John et al., “Safe CGI Programming,” www.improving.org, Sep. 3, 1995, pp. 1-6.
“CWSApps Listing (with download) for Incontext WebAnalyzer,” cws.internet.com, Aug. 22, 1996, pp. 1-2.
Chi, Ed H. et al., “Visualizing the Evolution of Web Ecologies,” citeseer.nj.nec.com, 1998, pp. 1-9.
Pond, Weld, “L0pht Security Advisory,” www.atstake.com, Dec. 12, 1996, pp. 1-2.
Daniels, Tim, “NetCarta's WebMapper: O! What a Tangled Web We Unweave,” www.winnetmag.com, Sep. 1996, pp. 1-6.
Strom, David, “Webmapper v 2.0 beta,” www.strom.com, Infoworld, 1997, pp. 1-2, Infoworld Publishing Co.
“Urgent Security Announcement,” www.perl.com, Dec. 1995, p. 1.
Prymmer, Peter, “Nipert cgi-bin danger,” w4.Ins.comell.edu, Dec. 21, 1996, pp. 1-13.
Knorr, Konstantin et al., “Security of Electronic Business Applications: Structure and Quantification, (2000),” citeseer.nj.nec.com, pp. 1-13.
Weeks, Judson D. et al., “CCI-Based Web Security: A Design Using PGP,” Fourth International World Wide Web Conference Proceedings, The World Wide Web Journal (www.w3journal.com), Winter 1996, vol. I, Issue 1, pp. 1-24, O'Reilly & Associates.
Hammond, Nicolas, “How to Remotely Audit a Secure Web Server,” Presentation to SANS, www.njh.com, Oct. 7, 1999, pp. 1-29.
Yang, Ji-Tzay et al., “A Tool Set to Support Web Application Testing,” Proc. of the 1998 International Computer Symposium (ICS), Oct. 1998, pp. 1-8, Department of Computer Science and Information Engineering, National Chiao-Tung University, Taiwan, ROC.
McGraw, Gary et al., “Untangling the Woven Web: Testing Web-based Software,” www.rstcorp.com, Apr. 1, 1996, pp. 1-8, Reliable Software Technologies Corporation.
Bannan, Karen J., “The InternetUser Guide to 50 Essential Downloads,” PC Magazine, Jun. 1, 1997, pp. 1-18, vol. 16, No. IU.
“Internet Security Software Intro'd Aug. 20, 1996,” Newsbytes, pp. 1-3, Information Access Company.
“Web server software looks for trouble. Will begin shipping Web Security Scanner, software that lets users check for 100 weak areas,” Network World, Aug. 19, 1996, p. 1, Information Access Company.
“Buyer's Guide: Web Server Cornucopia,” Communications Week, Jun. 2, 1997, pp. 1-3, CMP Publications Inc.
“Internet Security Systems: Internet Security now shipping network security solutions for Windows NT,” M2 Presswire, Nov. 27, 1996, pp. 1-3, M2 Communications.
“SAFEsuite is evaluated the protection of the network,” babelfish.altavista.com, Cetn, Feb. 1997, pp. 66-69.
Stoev, Philip, “ELZA.txt,” phiphi.hypemart.net, pp. 1-22.
Stoev, Philip, “ELZA 2.txt,” phiphi.hypemart.net, pp. 1-2.
“Improving Your Network Security Using SATAN,” www.cs.umbc.edu, Oct. 25, 1995, pp. 1-3.
Garfinkel, Simson L., “SATAN Uncovers High Risk of Web Attack: Software Program's Study Details Wide Problems with Security,” www.simson.net, Dec. 19, 1996, pp. 1-3.
“Testing Methodology,” www.trouble.org, Dec. 1996, pp. 1-3.
“The SATAN Configuration File,” www.porcupine.org, Dec. 1996, pp. 1-5.
“SATAN Configuration Management,” www.porcupine.org, Dec. 1996, pp. 1-3.
“SATAN Rulesets,” www.porcupine.org, Dec. 1996, pp. 1-4.
“SATAN Database Format,” www.porcupine.org, Dec. 1996, pp. 1-3.
“SiteSweeper 1.0,” LexisNexis, www.nexis.com, Feb. 24, 1997, pp. 1-2, CMP Media Inc.
“Internet Probe Droid,” lib.ru/security/ipd.txt, Sep. 29, 1997, pp. 1-15.
Barrall Darrin Ray
Hurst Dennis Wayne
Sima Caleb Ikaki
S.P.I. Dynamics Incorporated
Smithers Matthew
Stites & Harbison PLLC