Penetration Testing mailing list archives

Re: Web Application Penetration Testing Methodology Patent


From: Richard Rager <kb8rln () penguinmaster com>
Date: Fri, 16 Jan 2004 12:09:09 -0700 (MST)



As many of you know, Sanctum, Inc. has been granted a patent (United
States Patent No. 6,584,569) describing a process for automatically detecting
potential application-level vulnerabilities or security flaws in a web
application. 

  OK, this looks like you are just looking at the Introduction or the 
overview of the patent.  What we need are the Claim(s) only.

  I believe in what Linus Torvalds said (paraphrasing): "Do not read patents
at all, just write code.  If you break a claim in a patent, it is most likely
common knowledge or a new way of doing it."

  Last time I checked, it is 125 US dollars per claim to file against any 
patent.


  OK, to kill a patent you need:

    1.) Prior Art

    2.) Prove that anyone in that field would normally do it that way.

   

    Example: it could be argued that if this is the manual way that I did 
it, a computer that does it faster cannot be patented.  Now if I wrote an 
IA that did it without setting off an IDS, then that might be a claim 
that can be well founded.


  WARNING:  I am not a lawyer and I do not like them.  I have studied this 
subject at length because of a program that I wrote that was said to 
infringe on another patent.  I did find prior art and was able to back up 
my claims that I used common knowledge that was not in their claims.


Enjoy,

Richard Rager

