专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08910292B1 Method and system for detection of remote file inclusion vulnerabilities 有权
标题翻译：用于检测远程文件夹入漏洞的方法和系统
公开(公告)号：US08910292B1
公开(公告)日：2014-12-09
申请号：US13533413
申请日：2012-06-26
申请人： Brett Oliphant , Ben Tyler , Gabriel Richard Pack , Brett Hardin
发明人： Brett Oliphant , Ben Tyler , Gabriel Richard Pack , Brett Hardin
IPC分类号： G06F11/36 , H04L29/06 , G06F21/57 , G06F21/55
CPC分类号： H04L63/1433 , G06F21/556 , G06F21/577 , G06F2221/033 , H04L63/168
摘要： A method for detecting remote file inclusion vulnerabilities in a web application includes altering of extracted resource references from a web application, submission of altered references as HTTP requests to the web application, inspection of corresponding HTTP responses, and diagnosis of vulnerability. A computer system or systems can implement the disclosed embodiments.
摘要翻译：用于检测web应用中的远程文件夹入漏洞的方法包括：从Web应用中改变提取的资源引用，将改变的引用作为HTTP请求提交给web应用，检查相应的HTTP响应以及对脆弱性的诊断。计算机系统或系统可以实现所公开的实施例。

2. 发明申请

US20140130172A1 SYSTEMS AND METHODS FOR AUTOMATING BLIND DETECTION OF COMPUTATIONAL VULNERABILITIES 有权
标题翻译：自动检测计算漏洞的系统和方法
公开(公告)号：US20140130172A1
公开(公告)日：2014-05-08
申请号：US14155201
申请日：2014-01-14
申请人： Brett Oliphant , Ben Tyler , Gabriel Pack , Brett Hardin
发明人： Brett Oliphant , Ben Tyler , Gabriel Pack , Brett Hardin
IPC分类号： G06F21/57
CPC分类号： H04L63/1433 , G06F21/556 , G06F21/577 , G06F2221/033 , H04L63/168
摘要： Methods for blind detection of computational vulnerabilities include the submission by a detecting system of potentially interpretable information to a target system; measurement of the timing characteristics of the output from the target system by the detecting system; and diagnosis of the vulnerabilities of the target system by the detecting system as based on the timing characteristics, optionally in conjunction with auxiliary data. Invented systems provide reference implementations of these methods.
摘要翻译：用于盲目检测计算漏洞的方法包括检测系统向目标系统提交潜在的可解释信息; 通过检测系统测量目标系统的输出的定时特性; 以及基于定时特性，可选地与辅助数据一起，由检测系统诊断目标系统的漏洞。发明的系统提供了这些方法的参考实现。

3. 发明申请

US20060259972A2 VULNERABILITY AND REMEDIATION DATABASE 审中-公开
标题翻译：易损性和补救数据库
公开(公告)号：US20060259972A2
公开(公告)日：2006-11-16
申请号：US10882788
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： G06F11/00
CPC分类号： H04L63/1441 , G06F21/55 , G06F21/57 , G06F21/577 , H04L63/1433 , H04L63/20
摘要： Abstract of the DisclosureA security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device’s policy settings, and some that change one of the device’s configuration files or registry.
摘要翻译：摘要描述了一种安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息，以及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。数据库中的修复技术包括一些应用软件修补程序，一些修改设备的策略设置，以及一些更改设备的配置文件或注册表之一。

4. 发明申请

US20060230441A2 REAL-TIME VULNERABILITY MONITORING 审中-公开
标题翻译：实时漏洞监控
公开(公告)号：US20060230441A2
公开(公告)日：2006-10-12
申请号：US10882852
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： G06F15/16
CPC分类号： H04L63/1433 , G06F21/50 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： Abstract of the DisclosureA security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
摘要翻译：摘要描述了一种安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息，以及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。该系统公开了一个API，以支持其他应用程序与安全性相关的决策。例如，入侵检测系统（IDS）访问数据库以确定是否存在实际的威胁，并应该（或已被）阻止。

5. 发明申请

US20050005159A1 Vulnerability and remediation database 审中-公开
标题翻译：漏洞和修复数据库
公开(公告)号：US20050005159A1
公开(公告)日：2005-01-06
申请号：US10882788
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/1441 , G06F21/55 , G06F21/57 , G06F21/577 , H04L63/1433 , H04L63/20
摘要： A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device's policy settings, and some that change one of the device's configuration files or registry.
摘要翻译：描述了安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息，以及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。数据库中的修复技术包括一些应用软件修补程序，一些修改设备的策略设置，以及一些更改设备的配置文件或注册表之一。

6. 发明申请

US20070118756A2 POLICY-PROTECTION PROXY 审中-公开
标题翻译：政策保护代理
公开(公告)号：US20070118756A2
公开(公告)日：2007-05-24
申请号：US10882853
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： H04K1/00
CPC分类号： G06F8/60 , H04L63/0281 , H04L63/104
摘要： A database maintains security status information on each device in a network, based on whether the device's operating system, software, and patches are installed and configured to meet a baseline level of security. A network gateway proxy blocks connection attempts from devices for which the database indicates a substandard security status, but allows connections from other devices to pass normally. The database is preferably updated on a substantially real-time basis by client-side software run by each device in the network.
摘要翻译：数据库根据设备的操作系统，软件和修补程序是否安装并配置为满足基准安全级别，来维护网络中每个设备上的安全状态信息。网络网关代理阻止来自数据库指示不合标准安全状态的设备的连接尝试，但允许来自其他设备的连接正常通过。数据库优选地通过由网络中的每个设备运行的客户端软件基本上实时地更新。

7. 发明申请

US20060259946A2 AUTOMATED STAGED PATCH AND POLICY MANAGEMENT 审中-公开
标题翻译：自动化分销和政策管理
公开(公告)号：US20060259946A2
公开(公告)日：2006-11-16
申请号：US10884329
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： H04L9/00
CPC分类号： G06F21/55 , G06F8/60 , G06F21/577
摘要： Abstract of the DisclosureA security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
摘要翻译：摘要描述了一种安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。该系统公开了一个API，以支持其他应用程序与安全性相关的决策。例如，入侵检测系统（IDS）访问数据库以确定是否存在实际的威胁，并应该（或已被）阻止。

8. 发明申请

US20050022003A1 Client capture of vulnerability data 审中-公开
标题翻译：客户端捕获漏洞数据
公开(公告)号：US20050022003A1
公开(公告)日：2005-01-27
申请号：US10883376
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： G06F9/445 , H04L9/00
CPC分类号： G06F21/56 , G06F8/60 , G06F21/577 , H04L63/1408 , H04L63/1433
摘要： A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
摘要翻译：描述了安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息，以及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。该系统公开了一个API，以支持其他应用程序与安全性相关的决策。例如，入侵检测系统（IDS）访问数据库以确定是否存在实际的威胁，并应该（或已被）阻止。

9. 发明申请

US20050005171A1 Real-time vulnerability monitoring 审中-公开
标题翻译：实时漏洞监控
公开(公告)号：US20050005171A1
公开(公告)日：2005-01-06
申请号：US10882852
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： H04L9/00
CPC分类号： H04L63/1433 , G06F21/50 , H04L63/0263 , H04L63/1416 , H04L63/20
摘要： A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
摘要翻译：描述了安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息，以及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。该系统公开了一个API，以支持其他应用程序与安全性相关的决策。例如，入侵检测系统（IDS）访问数据库以确定是否存在实际的威胁，并应该（或已被）阻止。

10. 发明申请

US20070112941A2 CLIENT CAPTURE OF VULNERABILITY DATA 审中-公开
标题翻译：客户识别易受害性数据
公开(公告)号：US20070112941A2
公开(公告)日：2007-05-17
申请号：US10883376
申请日：2004-07-01
申请人： Brett Oliphant
发明人： Brett Oliphant
IPC分类号： G06F15/177 , H04L9/00
CPC分类号： G06F21/56 , G06F8/60 , G06F21/577 , H04L63/1408 , H04L63/1433
摘要： A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
摘要翻译：描述了安全信息管理系统，其中客户端设备优选地收集和监视描述安装在设备上的操作系统，软件和补丁的信息，以及其配置。维护此信息的数据库，以及描述可用软件的漏洞和可用的相关修复技术的数据。该系统公开了一个API，以支持其他应用程序与安全性相关的决策。例如，入侵检测系统（IDS）访问数据库以确定是否存在实际的威胁，并应该（或已被）阻止。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式