Patent 6996845 Issued on February 7, 2006. Estimated Expiration Date: November 28, 2020. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.
An automated Web security analysis system and process identifies security vulnerabilities in a target Internet Web site by parsing through the target Web site to search for a predetermined list of common security vulnerabilities. The process is recursive, exploiting information gathered throughout the process to search for additional security vulnerabilities. A prioritized list of detected security vulnerabilities is then presented to a user, including preferably a list of recommendations to eliminate the detected security vulnerabilities.
Other References
Garfinkel, Simson et al., “Secure CGI/API Programming,” www.w3journal.com, Excerpted from Web Security & Commerce, 1997, pp. 1-16, O'Reilly & Associates.
Puppy, Rain Forest, “A look at whisker's anti-IDS tactics: Just how bad can we ruin a good thing?,” www.wiretrip.net, pp. 1-8.
“The ELZA” and “The ELZA Project Manifesto,” www.stoev.org, pp. 1-4.
Stewart, John N., “Tools for Web Security,” webserver.cpg.com, Jan. 1998, pp. 1-4.
Mudge, “BoS: test-cgi problem,” www.tao.ca, Apr. 22, 1996, pp. 1-2.
Knorr, Konstantin et al., “Security of Electronic Business Applications: Structure and Quantification, (2000),” citeseer.nj.nec.com, pp. 1-13.
Weeks, Judson D. et al., “CCI-Based Web Security: A Design Using PGP,” Fourth International World Wide Web Conference Proceedings, The World Wide Web Journal (www.w3journal.com), Winter 1996, vol. I, Issue 1, pp. 1-24, O'Reilly & Associates.
Hammond, Nicolas, “How to Remotely Audit a Secure Web Server,” Presentation to SANS, www.njh.com, Oct. 7, 1999, pp. 1-29.
Yang, Ji-Tzay et al., “A Tool Set to Support Web Application Testing,” Proc. of the 1998 International Computer Symposium (ICS), Oct. 1998, pp. 1-8, Department of Computer Science and Information Engineering, National Chiao-Tung University, Taiwan, ROC.
McGraw, Gary et al., “Untangling the Woven Web: Testing Web-based Software,” www.rstcorp.com, Apr. 1, 1996, pp. 1-8, Reliable Software Technologies Corporation.
Bannan, Karen J., “The InternetUser Guide to 50 Essential Downloads,” PC Magazine, Jun. 1, 1997, pp. 1-18, vol. 16, No. IU.
“Internet Security Software Intro'd Aug. 20, 1996,” Newsbytes, pp. 1-3, Information Access Company.
“Web server software looks for trouble. Will begin shipping Web Security Scanner, software that lets users check for 100 weak areas,” Network World, Aug. 19, 1996, p. 1, Information Access Company.
“Buyer's Guide: Web Server Cornucopia,” Communications Week, Jun. 2, 1997, pp. 1-3, CMP Publications Inc.
“Internet Security Systems: Internet Security now shipping network security solutions for Windows NT,” M2 Presswire, Nov. 27, 1996, pp. 1-3, M2 Communications.
“SAFEsuite is evaluated the protection of the network,” babelfish.altavista.com, Cetn, Feb. 1997, pp. 66-69.
Stoev, Philip, “ELZA.txt,” phiphi.hypemart.net, pp. 1-22.
Stoev, Philip, “ELZA 2.txt,” phiphi.hypemart.net, pp. 1-2.
“Improving Your Network Security Using SATAN,” www.cs.umbc.edu, Oct. 25, 1995, pp. 1-3.
Garfinkel, Simson L., “SATAN Uncovers High Risk of Web Attack: Software Program's Study Details Wide Problems with Security,” www.simson.net, Dec. 19, 1996, pp. 1-3.
“Testing Methodology,” www.trouble.org, Dec. 1996, pp. 1-3.
“The SATAN Configuration File,” www.porcupine.org, Dec. 1996, pp. 1-5.
“SATAN Configuration Management,” www.porcupine.org, Dec. 1996, pp. 1-3.
“SATAN Rulesets,” www.porcupine.org, Dec. 1996, pp. 1-4.
“SATAN Database Format,” www.porcupine.org, Dec. 1996, pp. 1-3.
“SiteSweeper 1.0,” LexisNexis, www.nexis.com, Feb. 24, 1997, pp. 1-2, CMP Media Inc.
“Internet Probe Droid,” lib.ru/security/ipd.txt, Sep. 29, 1997, pp. 1-15.