I monitor Google News for anything application security related and found the following announced today by Cenzic.
"the U.S. Patent and Trademark Office (PTO) has issued the company U.S. Patent No. 7,185,232, focused on fault injection technology, which is commonly used by most security assessment scanners." – Cenzic
For starters, Cenzic is not the first application security scanner, so there is plenty of prior art already out there. I'm not sure how they are going to enforce their patent exactly. Reading further along:
"We are very pleased to receive this patent, which protects Cenzic’s role as the only company that has patents on Fault Injection, a key component of all application security testing solutions. In the upcoming weeks, we’ll be looking at other vendors in this space to understand the implications of this patent vis-à-vis the methodology used by these other players."
I wish Cenzic luck in trying to bully errr identify the implications of other vendors. If any vendor here is reading this, be sure to check out Web Bandit, written by Global Hell circa 1998. I don't recall the link, but it is available online somewhere. Here is an abstract of the patent.
"A method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target. The method may further include, receiving a feedback from the target to determine fault occurrence. An apparatus for testing a target in a network by fault injection, includes: a driver configured to generate patterns, where a pattern can generate a plurality of packets for transmission to the target, the pattern being represented by an expression with a literal string and a wild character class; and a network interface coupled to the driver and configured to transmit and receive network traffic."
Under this patent, QA tools would be in violation as well.
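
The method in the abstract (baseline transaction, order or structure modification, submission, feedback) is the shape of an ordinary robustness test. The sketch below is an added example, not code from the patent, Cenzic, or the original post: the target is a constructed in-process parser with a planted defect, an in-process call stands in for network transmission, and every name and sample value is hypothetical.

```python
# Added example: constructed data, hypothetical names, no network I/O.
BASELINE = ["GET /index.html HTTP/1.1", "Host: example.test", "Accept: */*"]

def parse_request(lines):
    """Toy target: returns a status code; has a planted missing-Host defect."""
    parts = lines[0].split(" ") if lines else []
    if len(parts) != 3 or parts[0] not in ("GET", "POST") or not parts[2].startswith("HTTP/"):
        return 400
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return 400
        headers[name.strip().lower()] = value.strip()
    return 200 if headers["host"] else 400  # planted defect: assumes Host exists

def mutations(baseline):
    """Yield (label, modified transaction): order changes, then structure changes."""
    yield "order:reversed", baseline[::-1]
    for i in range(len(baseline) - 1):
        swapped = list(baseline)
        swapped[i], swapped[i + 1] = swapped[i + 1], swapped[i]
        yield f"order:swap{i}", swapped
    for i, line in enumerate(baseline):
        yield f"structure:drop{i}", baseline[:i] + baseline[i + 1:]
        yield f"structure:dup{i}", baseline[:i + 1] + baseline[i:]
        yield f"structure:trunc{i}", baseline[:i] + [line[:len(line) // 2]] + baseline[i + 1:]

def run(baseline):
    """Submit each modified transaction and classify the target's feedback."""
    if parse_request(baseline) != 200:
        raise ValueError("baseline transaction must be accepted by the target")
    findings = []
    for label, tx in mutations(baseline):
        try:
            outcome = "accepted" if parse_request(tx) == 200 else "rejected"
        except Exception as exc:  # unhandled exception = fault occurrence
            outcome = f"fault:{type(exc).__name__}"
        findings.append((label, outcome))
    return findings

if __name__ == "__main__":
    for label, outcome in run(BASELINE):
        print(f"{label:18} {outcome}")
```

Only the mutation that drops the Host line reaches the planted defect; every other modified transaction is either rejected cleanly or still accepted.
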
More information at the full patent text link below. All I can say is UGH. (Pokes his eye out)
Patent Full text: http://www.patentstorm.us/patents/7185232-fulltext.html
Press Release Link: http://www.marketwirecanada.com/2.0/release.do?id=743305