System for tracking and analyzing the integrity of an application
First Claim
Patent Images
1. A method for detecting modifications in an application executing on a computer system comprising:
- connecting to the application on the computer system;
inventorying the application in order to discover a baseline inventory of existing items in the application, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the step of running commands or requests in order to enumerate the items in the application;
storing the baseline inventory to persistent storage;
collecting a second inventory list of items in the application by running commands or requests in order to enumerate a second set of items in the application;
comparing the second inventory list of items with the baseline inventory of the application to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if any item exists in the baseline inventory but not in the second inventory, determining if any item exists in the second inventory but not in the baseline inventory, determining if any item in both the baseline inventory and the second inventory has been changed;
reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred at the application level;
determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and
authorizing or rejecting the instance of unauthorized activity.
4 Assignments
0 Petitions
Accused Products
Abstract
The invention is a method for tracking and analyzing an application for modifications and changes. The method is used to ensure the integrity of the application remains intact. The application is inventoried upon setup. The application is then subsequently re-inventoried on a regular basis. Each new inventory is examined against the original inventory to determine if any changes have taken place. When a change is detected, the change is highlighted to be approved or examined to determine the specifics of the change in order that corrective action can be taken if deemed necessary.
25 Citations
16 Claims
-
1. A method for detecting modifications in an application executing on a computer system comprising:
-
connecting to the application on the computer system; inventorying the application in order to discover a baseline inventory of existing items in the application, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the step of running commands or requests in order to enumerate the items in the application; storing the baseline inventory to persistent storage; collecting a second inventory list of items in the application by running commands or requests in order to enumerate a second set of items in the application; comparing the second inventory list of items with the baseline inventory of the application to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if any item exists in the baseline inventory but not in the second inventory, determining if any item exists in the second inventory but not in the baseline inventory, determining if any item in both the baseline inventory and the second inventory has been changed; reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred at the application level; determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and authorizing or rejecting the instance of unauthorized activity. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for detecting unauthorized modifications in a database application executing on a computer system comprising:
-
connecting to a database; inventorying the database in order to discover a baseline inventory of existing items in the database, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the step of running commands or requests in order to enumerate the items in the database; storing the baseline inventory to persistent storage; collecting a second inventory list of items in the database by running commands or requests in order to enumerate a second set of items in the database; comparing the second inventory list of items with the baseline inventory of the database to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if an item exists in the baseline inventory but not in the second inventory, determining if an item exists in the second inventory but not in the baseline inventory, determining if an item in both the baseline inventory and the second inventory has been changed; reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred at the application level; determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and authorizing or rejecting the instance of unauthorized activity. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A method for detecting unauthorized modifications in a web application executing on a server comprising:
-
connecting to the web application on the server; inventorying the web application in order to discover a baseline inventory of existing items in the web application, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the steps of crawling the web application and running commands in order to enumerate the items in the web application; storing the baseline inventory to persistent storage; collecting a second inventory list of items in the web application by crawling the web application and running commands in order to enumerate a second set of items in the web application; comparing the second inventory list of items with the baseline inventory of the web application to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if an item exists in the baseline inventory but not in the second inventory, determining if an item exist in the second inventory but not in the baseline inventory, determining if an item in both the baseline inventory and the second inventory has been changed; reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred; determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and authorizing or rejecting the instance of unauthorized activity. - View Dependent Claims (14, 15, 16)
-
Specification