Monday, June 21, 2004

Web Application Penetration Testing Methodology Patent

As many of you know, Sanctum, Inc. has been granted a patent (United States Patent No. 6,584,569) describing a process for automatically detecting potential application-level vulnerabilities or security flaws in a web application. What you may not know is that this patent is a "method" patent, which means that it describes the way something works, rather than a "product" patent, which describes an actual product. A method patent is the broadest form of patent: it covers not just products but also the process or way people work.

The Sanctum patent is very broad and virtually everyone who is involved with web application security is in violation of this patent.