[OWASP-LEADERS] Sanctums Patent

Dinis Cruz dinis at ddplus.net
Sun Nov 30 21:20:47 EST 2003


Is this enforceable?

Surely Sanctum were not the first ones to use this technique?

I'm sure they used previously openly published technology in their
scanner?

Isn't this in the same category as the Amazon patent for one-click
online buy?

This just confirms the fact that Patents are the biggest threat to open
development code sharing.

Would be interesting to see if this also affects what I'm doing with
ANSA (Asp.Net Security Analyzer)

Dinis Cruz
.Net Security Consultant
DDPlus.net

-----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Mark
Curphey
Sent: Monday, December 01, 2003 2:00 AM
To: owasp-leaders at lists.sourceforge.net
Subject: [OWASP-LEADERS] Sanctums Patent

Team,

I have been hearing rumors that Sanctum are starting to issue writs for
patent infringement. Whilst I personally think it's farcical that anyone
can get such a patent, the facts are it's been issued and they are
pursuing people. The question for us is how is WebScarab's future
affected by this patent? There are also a lot of questions about OASIS
WAS that we need to deal with but that's a separate issue. What do we do?

United States Patent No. 6,584,569 to Reshef et al. and assigned to
Sanctum Ltd. ("The Sanctum Patent") discloses a scanner for
automatically detecting potential application-level vulnerabilities or
security flaws in a web application. The independent claims of the
Sanctum patent generally relate to a scanner that (1) traverses a web
application in order to discover and actuate the links therein,
(2) analyzes messages that flow or would flow between an authorized
client and a web server in order to discover elements of the web
application's interface with external clients and attributes of these
elements (such as links, fill-in forms, fields, fixed fields, hidden
fields, menu options, etc.), (3) generates unauthorized client requests
in which these elements are mutated, sends the mutated client requests
to the web server, receives server responses to the unauthorized client
requests, and (4) evaluates the results thereof.



