WebApp Sec mailing list archives

RE: Web Application Penetration Testing Methodology Patent


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 16 Jan 2004 12:01:28 -0500

Here's the actual patent:

   http://tinyurl.com/2zndg 

The patent was filed in March 2001.  The claims section is the relevant part
of the patent to read to see if anyone was doing the same thing before
Sanctum.

Richard 

-----Original Message-----
From: Matthew Wagenknecht [mailto:Matthew.Wagenknecht () quantum com] 
Sent: Friday, January 16, 2004 11:10 AM
To: 'Levenglick, Jeff'; webtester () hushmail com; webappsec () securityfocus com;
pen-test () securityfocus com
Subject: RE: Web Application Penetration Testing Methodology Patent

Wow, Jeff.. Where did that come from? 

I think that this request is quite legitimate. It has much more to do with
pen-test and web application security than legal issues.. Truth is Sanctum's
patent request is an attempt to own common sense. The methodology detailed
in the patent request is not the result of an internal think tank at Sanctum
that came up with a new thought process for web app penetration testing. The
details basically describe the equivalent of walking up to every house on a
street and rattling the door knobs. If the door doesn't open easily, try
every key-like object in their possession to jimmy the lock.

It's like me trying to patent how I pay bills and not allowing anyone else
to do it that way.. It's just silly.. 

