Month Of Prior Art: Day 1

Written by Enrique A. Sanchez Montellano

Apr 01, 2011 at 12:00 AM

To start off the Month of Prior Art (MoPA), we will use the broad read of patent 232. I have words on that topic to be spoken later about limits on the scope, but until I have more to present about that we will stick with the broad read from the Claim Chart.
Today we will start on the basic concept itself.
Cenzic 232 Patent Claim 10: A method of testing a target on a network by fault injection, the method comprising: defining a transaction baseline; and modifying an input field in the transaction baseline to obtain a modified transaction with malformed value, wherein modifying the input field comprises at least one of the following:
A few of the many Prior Art Examples
- The concept of fault injection goes far back into history. For the last 100 years it has been the common model for testing: the act of applying something outside the normal to find the limits. Applying this concept to software is newer, but not even that new, and it is something that common QA tools have been doing for a long time. Nearly any QA tool from the 90's would easily apply as prior art on this point.
- The wording is slightly different, but the meaning and result are identical: Watchfire Patent No 6,584,569, now held by IBM. From the abstract: "A method for detecting security vulnerabilities in a web application includes analyzing the client requests and server responses resulting therefrom in order to discover pre-defined elements of the application's interface with external clients and the attributes of these elements. The client requests are then mutated based on a pre-defined set of mutation rules to thereby generate exploits unique to the application. The web application is attacked using the exploits and the results of the attack are evaluated for anomalous application activity."
- The entire 1998 book "Software Fault Injection: Inoculating Programs Against Errors" by Jeff Voas and Gary McGraw discusses this topic in depth, and it is not the first publication by Jeff Voas on the topic either. I will post more as the month goes on.
- Software programs like nmap were doing these kinds of activities, even for HTTP server fingerprinting, going back into the 90's as well. This example from a few weeks ago is another simple example of how easy it is to .
Last Updated ( Apr 07, 2011 at 06:14 PM )