[OWASP-LEADERS] Sanctums Patent

Gabriel Lawrence gabe at landq.org
Mon Dec 1 14:04:04 EST 2003

What was the issue date of the patent? It would seem that finding prior art
for many if not all the claims wouldn't be that hard.


-----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Mark Curphey
Sent: Sunday, November 30, 2003 6:00 PM
To: owasp-leaders at lists.sourceforge.net
Subject: [OWASP-LEADERS] Sanctums Patent


I have been hearing rumors that Sanctum are starting to issue writs for
patent infringement. Whilst I personally think its farcical that anyone can
get such a patent that facts are its been issued and they are pursuing
people. The question for us is how is WebScarabs future affected by this
patent ? There are also a lot of questions about OASIS WAS that we need to
deal with but that's a separate issue. What do we do ?

United States Patent No. 6,584,569 to Reshef et al. and assigned to Sanctum
Ltd. ("The Sanctum Patent") discloses a scanner for automatically detecting
potential application-level vulnerabilities or security flaws in a web
application. The independent claims of the Sanctum patent generally relate
to a scanner that (1) traverses a web application in order to discover and
actuate the links therein, (2) analyzes messages that flow or would flow
between an authorized client and a web server in order to discover elements
of the web application's interface with external clients and attributes of
these elements (such as links, fill-in forms, fields, fixed fields, hidden
fields, menu options, etc.), (3) generates unauthorized client requests in
which these elements are mutated, sends the mutated client requests to the
web server, receives server responses to the unauthorized client requests,
and (4) evaluates the results thereof.

This SF.net email is sponsored by: SF.net Giveback Program. Does
SourceForge.net help you be more productive?  Does it help you create better
code?  SHARE THE LOVE, and help us help YOU!  Click Here:
Owasp-leaders mailing list
Owasp-leaders at lists.sourceforge.net

More information about the OWASP-Leaders mailing list