[OWASP-LEADERS] Sanctums Patent

Dinis Cruz dinis at ddplus.net
Sun Nov 30 21:20:47 EST 2003

Is this enforceable?

Surely Sanctum were not the first ones to use this technique?

I'm sure they used previously openly published technology in their

Isn't this in the same category as the Amazon patent for one-click
online buy?

This just confirms the fact that Patents are the biggest threat to open
development code sharing.

Would be interesting to see if this also affects what I'm doing with
ANSA (Asp.Net Security Analyzer)

Dinis Cruz
.Net Security Consultant

-----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Mark
Sent: Monday, December 01, 2003 2:00 AM
To: owasp-leaders at lists.sourceforge.net
Subject: [OWASP-LEADERS] Sanctums Patent


I have been hearing rumors that Sanctum are starting to issue writs for
patent infringement. Whilst I personally think it's farcical that anyone
can get such a patent, the facts are it's been issued and they are pursuing
people. The question for us is how is WebScarab's future affected by this
patent? There are also a lot of questions about OASIS WAS that we need
to deal with but that's a separate issue. What do we do?

United States Patent No. 6,584,569 to Reshef et al. and assigned to
Ltd. ("The Sanctum Patent") discloses a scanner for automatically
potential application-level vulnerabilities or security flaws in a web
application. The independent claims of the Sanctum patent generally
to a scanner that (1) traverses a web application in order to discover
actuate the links therein, (2) analyzes messages that flow or would flow
between an authorized client and a web server in order to discover
of the web application's interface with external clients and attributes
these elements (such as links, fill-in forms, fields, fixed fields,
fields, menu options, etc.), (3) generates unauthorized client requests
which these elements are mutated, sends the mutated client requests to
web server, receives server responses to the unauthorized client
and (4) evaluates the results thereof.
