Cenzic Patents the obvious: Fault Injection!

News

Web Server Security

Phishing

Database Security

Application Server Security

Library

Vulnerability Archive

Secure Development

Web Services

Pen Test

AJAX

Application Firewalls

Main -> Internet Security News

TOPIC'S

Advertising

Old News

About

Resume

Contact

FAQ

Irc

Links

Books

Demos

Papers

Downloads

Advisories

Contributions

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

Cenzic Patents the obvious: Fault Injection!

Posted 06/18/07 by Robert

I monitor google news for anything application security related and found the following announced today by Cenzic.

"the U.S. Patent and Trademark Office (PTO) has issued the company U.S. Patent No. 7,185,232, focused on fault injection technology, which is commonly used by most security assessment scanners." - Cenzic

Cenzic is not the first application security scanner for starters so there is plenty of prior art already out there. I'm not sure how they are going to enforce their patent exactly. Reading further along

"We are very pleased to receive this patent, which protects Cenzic's role as the only company that has patents on Fault Injection, a key component of all application security testing solutions. In the upcoming weeks, we'll be looking at other vendors in this space to understand the implications of this patent vis-�-vis the methodology used by these other players."

I wish cenzic luck in trying to bully errr identify the implications of other vendors. If any vendor here is reading this be sure to check out Web bandit written by Global Hell Circa 1998. I don't recall the link but it is available online somewhere. Here is an abstract of the patent.

"A method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target. The method may further include, receiving a feedback from the target to determine fault occurrence. An apparatus for testing a target in a network by fault injection, includes: a driver configured to generate patterns, where a pattern can generate a plurality of packets for transmission to the target, the pattern being represented by an expression with a literal string and a wild character class; and a network interface coupled to the driver and configured to transmit and receive network traffic. "

Under this patent QA tools would be in violation of this as well.
More information at the full patent text link below. All I can say is UGH. (Pokes his eye out)

Patent Full text: http://www.patentstorm.us/patents/7185232-fulltext.html
Press Release Link: http://www.marketwirecanada.com/2.0/release.do?id=743305
Link to this Story: Cenzic Patents the obvious: Fault Injection!
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed

Discuss this article Find Related Stories