System for tracking and analyzing the integrity of an application

US 7,805,419 B2
Filed: 07/10/2006
Issued: 09/28/2010
Est. Priority Date: 07/11/2005
Status: Active Grant

First Claim

Patent Images

1. A method for detecting modifications in an application executing on a computer system comprising:

connecting to the application on the computer system;

inventorying the application in order to discover a baseline inventory of existing items in the application, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the step of running commands or requests in order to enumerate the items in the application;

storing the baseline inventory to persistent storage;

collecting a second inventory list of items in the application by running commands or requests in order to enumerate a second set of items in the application;

comparing the second inventory list of items with the baseline inventory of the application to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if any item exists in the baseline inventory but not in the second inventory, determining if any item exists in the second inventory but not in the baseline inventory, determining if any item in both the baseline inventory and the second inventory has been changed;

reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred at the application level;

determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and

authorizing or rejecting the instance of unauthorized activity.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a method for tracking and analyzing an application for modifications and changes. The method is used to ensure the integrity of the application remains intact. The application is inventoried upon setup. The application is then subsequently re-inventoried on a regular basis. Each new inventory is examined against the original inventory to determine if any changes have taken place. When a change is detected, the change is highlighted to be approved or examined to determine the specifics of the change in order that corrective action can be taken if deemed necessary.

25 Citations

View as Search Results

16 Claims

1. A method for detecting modifications in an application executing on a computer system comprising:
- connecting to the application on the computer system;
  
  inventorying the application in order to discover a baseline inventory of existing items in the application, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the step of running commands or requests in order to enumerate the items in the application;
  
  storing the baseline inventory to persistent storage;
  
  collecting a second inventory list of items in the application by running commands or requests in order to enumerate a second set of items in the application;
  
  comparing the second inventory list of items with the baseline inventory of the application to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if any item exists in the baseline inventory but not in the second inventory, determining if any item exists in the second inventory but not in the baseline inventory, determining if any item in both the baseline inventory and the second inventory has been changed;
  
  reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred at the application level;
  
  determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and
  
  authorizing or rejecting the instance of unauthorized activity.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising the steps of:
    - updating the baseline inventory with an item from the second inventory;
      
      removing the item from the baseline inventory if it no longer exists in the second inventory;
      
      adding the item to the baseline inventory if it is not in the baseline inventory and it exists in the second inventory.
  - 3. The method according to claim 1, further comprising the step of recording the set of differences in persistent storage.
  - 4. The method according to claim 1, wherein the item is a set of objects including tables, views, stored procedures and triggers.
  - 5. The method according to claim 1, wherein the item is a group of settings including configuration options, permission settings and system parameters.
  - 6. The method according to claim 1, wherein the item is a set of values including a string value, a numeric data value stored in a table and a binary data value stored in the table.

7. A method for detecting unauthorized modifications in a database application executing on a computer system comprising:
- connecting to a database;
  
  inventorying the database in order to discover a baseline inventory of existing items in the database, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the step of running commands or requests in order to enumerate the items in the database;
  
  storing the baseline inventory to persistent storage;
  
  collecting a second inventory list of items in the database by running commands or requests in order to enumerate a second set of items in the database;
  
  comparing the second inventory list of items with the baseline inventory of the database to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if an item exists in the baseline inventory but not in the second inventory, determining if an item exists in the second inventory but not in the baseline inventory, determining if an item in both the baseline inventory and the second inventory has been changed;
  
  reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred at the application level;
  
  determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and
  
  authorizing or rejecting the instance of unauthorized activity.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method according to claim 7, further comprising the steps of:
    - updating the baseline inventory with an item from the second inventory;
      
      removing the item from the baseline inventory if it no longer exists in the second inventory;
      
      adding the item to the baseline inventory if it is not in the baseline inventory and it exists in the second inventory.
  - 9. The method according to claim 7, further comprising the step of recording the set of differences in persistent storage.
  - 10. The method according to claim 7, wherein the command is a SQL statement.
  - 11. The method according to claim 7, wherein collecting the list of items includes examining a data dictionary for the database.
  - 12. The method according to claim 7, wherein collecting the list of items includes calling functions within the database to enumerate a list of configuration settings or options.

13. A method for detecting unauthorized modifications in a web application executing on a server comprising:
- connecting to the web application on the server;
  
  inventorying the web application in order to discover a baseline inventory of existing items in the web application, wherein the baseline inventory of existing items in the application includes a set of stored procedures, the set of stored procedures including user-defined stored procedures and system stored procedures, the step of inventorying comprising the steps of crawling the web application and running commands in order to enumerate the items in the web application;
  
  storing the baseline inventory to persistent storage;
  
  collecting a second inventory list of items in the web application by crawling the web application and running commands in order to enumerate a second set of items in the web application;
  
  comparing the second inventory list of items with the baseline inventory of the web application to determine a set of differences between them by enumerating each item in the second inventory with items in the baseline inventory, determining if an item exists in the baseline inventory but not in the second inventory, determining if an item exist in the second inventory but not in the baseline inventory, determining if an item in both the baseline inventory and the second inventory has been changed;
  
  reporting out the set of differences between the baseline inventory and the second inventory to enable a determination of whether unauthorized activity has occurred;
  
  determining from the set of differences between the baseline inventory and the second inventory an instance of unauthorized activity; and
  
  authorizing or rejecting the instance of unauthorized activity.
- View Dependent Claims (14, 15, 16)
- - 14. The method according to claim 13, further comprising the steps of:
    - updating the baseline inventory with an item from the second inventory;
      
      removing the item from the baseline inventory if it no longer exists in the second inventory;
      
      adding the item to the baseline inventory if it is not in the baseline inventory and it exists in the second inventory.
  - 15. The method according to claim 13, wherein the step of crawling the web application includes the step of actuating a web interface.
  - 16. The method according to claim 13, further comprising the step of recording the set of differences in persistent storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trustwave Holdings Incorporated (Singapore Telecommunications Limited)
Original Assignee
Application Security Incorporated (Singapore Telecommunications Limited)
Inventors
Newman, Aaron Charles
Primary Examiner(s)
Trujillo; James
Assistant Examiner(s)
Casanova; Jorge A

Application Number

US11/483,505
Publication Number

US 20070022480A1
Time in Patent Office

1,541 Days
Field of Search

707/203, 707/999.203, 707/695, 726 22- 26
US Class Current

707/695
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/64 Protecting data integrity, ...

System for tracking and analyzing the integrity of an application

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System for tracking and analyzing the integrity of an application

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links