
Cenzic Patents the obvious: Fault Injection!

I monitor Google News for anything application security related and found the following, announced today by Cenzic.

"the U.S. Patent and Trademark Office (PTO) has issued the company U.S. Patent No. 7,185,232, focused on fault injection technology, which is commonly used by most security assessment scanners." - Cenzic

Cenzic is not the first application security scanner, for starters, so there is plenty of prior art already out there. I'm not sure how they are going to enforce their patent exactly. Reading further along:

"We are very pleased to receive this patent, which protects Cenzic's role as the only company that has patents on Fault Injection, a key component of all application security testing solutions. In the upcoming weeks, we'll be looking at other vendors in this space to understand the implications of this patent vis-à-vis the methodology used by these other players."

I wish Cenzic luck in trying to bully, errr, identify the implications of other vendors. If any vendor here is reading this, be sure to check out Web bandit, written by Global Hell circa 1998. I don't recall the link, but it is available online somewhere. Here is an abstract of the patent.

"A method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target. The method may further include, receiving a feedback from the target to determine fault occurrence. An apparatus for testing a target in a network by fault injection, includes: a driver configured to generate patterns, where a pattern can generate a plurality of packets for transmission to the target, the pattern being represented by an expression with a literal string and a wild character class; and a network interface coupled to the driver and configured to transmit and receive network traffic. "

Under this patent, QA tools would be in violation as well.
More information at the full patent text link below. All I can say is UGH. (Pokes his eye out)

Patent Full text: http://www.patentstorm.us/patents/7185232-fulltext.html
Press Release Link: http://www.marketwirecanada.com/2.0/release.do?id=743305

