WEB FIREWALL AND METHOD FOR AUTOMATICALLY CHECKING WEB SERVER FOR VULNERABILITIES

US 20090100522A1
Filed: 03/28/2008
Published: 04/16/2009
Est. Priority Date: 10/16/2007
Status: Active Grant

First Claim

Patent Images

1. A web firewall for automatically checking for vulnerabilities, comprising:

an administrating server scheduling part for ordering the examination of an administrating web server according to a predetermined examination schedule;

a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part;

a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database;

a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information;

a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and

a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a web firewall for automatically checking for vulnerabilities, including: an administrating server scheduling part for ordering the examination of an administrating web server according to a predetermined examination schedule; a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part; a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database; a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information; a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities.

Citations

14 Claims

1. A web firewall for automatically checking for vulnerabilities, comprising:
- an administrating server scheduling part for ordering the examination of an administrating web server according to a predetermined examination schedule;
  
  a vulnerability search database calling part for calling a vulnerability search database previously stored according to the order of the administrating server scheduling part;
  
  a vulnerability searching part for searching for potential vulnerabilities of the administrating web server corresponding to data included in the called vulnerability search database;
  
  a vulnerability information deducing part for optimizing the results searched in the vulnerability searching part to deduce vulnerability information;
  
  a vulnerability checking part for checking the vulnerabilities of the administrating web server based on the results deduced from the vulnerability information deducing part; and
  
  a detailed vulnerability information reporting part for reporting detailed information on the checked vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The web firewall according to claim 1, wherein the administrating server scheduling part receives a vulnerability examination scheduling order from an external administrating server.
  - 3. The web firewall according to claim 1, further comprising:
    - a vulnerability search database for storing data on vulnerabilities of the administrating web server.
  - 4. The web firewall according to claim 3, wherein the vulnerability search database is regularly updated by an external administrator or via the Internet.
  - 5. The web firewall according to claim 1, wherein the vulnerability searching part searches for potential vulnerabilities of the administrating web server using at least one external search engine.
  - 6. The web firewall according to claim 5, wherein the vulnerability information deducing part collects information deduced from the at least one search engine and optimizes the results.
  - 7. The web firewall according to claim 1, wherein the detailed vulnerability information reporting part is transmitted to an external administrating server.
  - 8. The web firewall according to claim 1, wherein the vulnerability checking part searches for potential vulnerabilities which can allow abnormal access to the administrating web server, interrupt normal service of the administrating web server, or leak, modulate or delete data of the administrating web server.
  - 9. The web firewall according to claim 1, wherein the data included in the vulnerability search database comprises a list of vulnerabilities that can be searched by an external search engine.

10. A method of automatically checking for vulnerabilities using a web firewall for automatically checking for vulnerabilities, comprising the steps of:
- setting a time schedule for checking administrating web server vulnerabilities corresponding to a predetermined examination schedule;
  
  confirming a time corresponding to the set schedule and measuring available system resources when the set time has arrived;
  
  calling a vulnerability search database when the system resources exceed a predetermined standard value;
  
  searching for potential vulnerabilities of the administrating web server corresponding to data extracted from the called vulnerability search database;
  
  optimizing the results of the potential vulnerability search;
  
  checking the vulnerabilities of the administrating web server corresponding to the optimized results; and
  
  making a detailed report on the results of the vulnerability check of the administrating web server.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method according to claim 10, wherein the vulnerability examination schedule is determined corresponding to a vulnerability examination schedule received from an external administrating server.
  - 12. The method according to claim 10, wherein the potential vulnerabilities of the administrating web server are searched using at least one search engine.
  - 13. The method according to claim 10, wherein the step of searching for potential vulnerabilities of the administrating web server is performed by searching for potential vulnerabilities that can allow abnormal access to the administrating web server, interrupt normal service of the administrating web server, or leak, modulate or delete data of the administrating web server.
  - 14. The method according to claim 10, wherein the data included in the vulnerability search database comprises a list of vulnerabilities that can be searched by an external search engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PDXen Biosystems Co.
Original Assignee
PDXen Biosystems Co., Sltech Corp.
Inventors
PARK, Jung Gil, KIM, Min Sik

Granted Patent

US 8,353,043 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

WEB FIREWALL AND METHOD FOR AUTOMATICALLY CHECKING WEB SERVER FOR VULNERABILITIES

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

WEB FIREWALL AND METHOD FOR AUTOMATICALLY CHECKING WEB SERVER FOR VULNERABILITIES

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links