Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Web Application Penetration Testing Methodology Patent
From: Richard Rager <kb8rln () penguinmaster com>
Date: Fri, 16 Jan 2004 12:09:09 -0700 (MST)

As many of you know, Sanctum, Inc. has a been granted a patent (United
States Patent No. 6,584,569) describing a process for automatically detecting
potential application-level vulnerabilities or security flaws in a web

  Ok this look like you are just looking at the Introduction or the 
overview of the patent.  What we need are the Claim(s) only.

  I believe in what Linus Torvalds said (paraphasing) "Do not read patents
at all just write code.  If you break a claim in a patent it most likely
commmon knowledge or a new way of doing it."

  Last time I check it is 125 US dollars per claim to file against any 

  Ok to kill a patent you need:

    1.) Prior Art

    2.) Prove that any one in that field would normally do it that why.


    Example it could be argued that if this is the manual way that I did 
it.  A computer that does it faster can not be patented.  Now if I wrote a 
IA that did it with out setting off an IDS then that might be a claim 
that can be well founded.

  WARNING:  I am not a layer and I do not like them.  I have study this 
subject at length because of a program that I wrote that is was said it 
infringe on another patent.  I did find prior art and was able to backup 
my claims that I use common knowledge that was not in their claims.


Richard Rager


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]