Reexamination Certificate
2007-06-26
2007-06-26
Arani, Taghi T. (Department: 2131)
Information security
Monitoring or scanning of software or data including attack...
Vulnerability assessment
C709S241000, C709S203000, C709S219000, C709S225000, C714S037000, C714S038110, C714S039000, C714S047300
Reexamination Certificate
active
10393497
ABSTRACT:
A method for detecting security vulnerabilities in a web application includes analyzing the client requests and server responses resulting therefrom in order to discover pre-defined elements of the application's interface with external clients and the attributes of these elements. The client requests are then mutated based on a pre-defined set of mutation rules to thereby generate exploits unique to the application. The web application is attacked using the exploits and the results of the attack are evaluated for anomalous application activity.
El-Hanany Yuval
Raanan Gil
Reshef Eran
Tsarfati Tom
Arani Taghi T.
Thelen Reid Brown Raysman & Steiner
Watchfire Corporation