Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant's submission filed on 8/17/2021 has been entered.  Claims 1, 3-8, 10-14 and 16-18 are pending.
Response to Arguments
Applicant's arguments filed 8/17/2021 have been fully considered but they are not persuasive.
On pages 8-10 of the Remarks, the Applicants argue that Maor does not disclose “a request message requesting that a final attack string be provided.”
In response, the Examiner respectfully disagrees and submits that Maor discloses a method and a system for detecting one or more security vulnerabilities of a tested application, such as SQL injection and XSS, by monitoring profiling and/or debugging data that is generated at runtime as reactions to tampered messages.  Maor discloses a runtime testing system including a testing unit 105, which corresponds to the claimed “dynamic analyzer”, and a network interface 106 that includes any type of HTTP client/server generating HTTP requests (FIG. 1-2, ¶ [0065]).  Maor discloses that, when performing client/server testing, a tester utilizes such a client to emulate the client requests and modifies them with attack vectors, and the runtime analyzer analyzes the code execution in the tested web application (FIG. 2, ¶ [0066]).  In other words, Maor discloses that the testing unit requests that the HTTP client generate a testing client request, or instructs the HTTP client to provide an attack vector in a client request to
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/17/2021 is being considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 3-8, 10-14 and 16-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Maor et al. (US 2012/0260344, hereinafter Maor).
Regarding Claim 1, Maor discloses an operation method of a dynamic analyzer for analyzing an execution state of a web application, the operation method comprising: 
transmitting, to the server, a request message requesting that the final attack string be provided, wherein a response message is received in response to the request 
receiving, from the server, the response message including a final attack string having a parameter that indicates a specific operation to be executed through the web application (FIG. 1-3, ¶ [0006], [0058], [0066]-[0068], [0084]-[0085]; i.e. receiving a modified message to test a web application responding to certain attack such as SQL injection); 
analyzing an execution state of the web application based on the final attack string (FIG. 1-3, ¶ [0070]-[0071], [0080], [0096]-[0097]; i.e. analyzing the responses from the tested application including the code behavior or output behavior); and 
determining whether the final attack string is filtered out by the web application on the basis of a result of the analysis on the execution state of the web application (FIG. 1-3, ¶ [0080], [0085], [0095]-[0097]; i.e. determining whether the testing forms of attack are not blocked and/or filtered by the execution of the web application),
wherein the final attack string is generated to avoid a filtering logic that is designed to filter out a raw attack string including a predetermined parameter (FIG. 1-3, ¶ [0080], [0085], [0095]-[0097]).
Regarding Claim 3, Maor discloses the operation method of claim 1, wherein the determining of whether the final attack string is filtered out by the web application includes determining that the final attack string is not filtered out by the web application when the specific operation indicated by the final attack string is executed through the web application (¶ [0095]-[0097]).

Regarding Claim 5, Maor discloses the operation method of claim 1, wherein the final attack string further includes a uniform resource locator (URL) address (¶ [0130]).
Regarding Claim 6, Maor discloses the operation method of claim 1, wherein the specific operation to be executed through the web application includes at least one of a distributed denial of service (DDoS) attack operation, a cross site scripting phishing (XSS) attack operation, an advanced persistent threat (APT) attack operation, a password cracking attack operation, a keylogging attack operation, a spoofing attack operation, and a rootkit attack operation (¶ [0006]).
Regarding Claim 7, Maor discloses an operation method of a server that generates a final attack string, the operation method comprising: 
receiving, from a static analyzer, a first response message including a policy to avoid a filtering logic that is designed to filter out a raw attack string including a predetermined parameter (FIG. 1-3, ¶ [0006], [0058], [0066]-[0068], [0084]-[0085], [0096]; i.e. receiving testing rules to test a web application responding to certain attack such as SQL injection); 
generating the final attack string including a modified parameter that indicates a specific operation to be executed through the web application such that the final attack string avoids the filtering logic (FIG. 1-3, ¶ [0006], [0058], [0066]-[0068], [0084]-[0085], 
receiving, from a dynamic analyzer, a second request message requesting that the final attack string be provided, wherein the second response message is transmitted in response to the second request message (¶ [0084]-[0087]); and 
transmitting a second response message including the final attack string to the dynamic analyzer (FIG. 1-3, ¶ [0080], [0085]-[0087], [0095]-[0097]; i.e. transmitting the modified message to the tested application to test to determine whether the testing forms of attack are not blocked and/or filtered by the execution of the web application).
Regarding Claim 8, Maor discloses the operation method of claim 7, further comprising transmitting, to the static analyzer, a first request message requesting that a policy to avoid the filtering logic be provided, wherein the first response message is received in response to the first request message (¶ [0084]-[0087]).
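The message flow recited in claims 1, 7 and 8 (dynamic analyzer requests a final attack string from the server; the server obtains a filter-avoidance policy from the static analyzer, generates the final attack string and returns it; the dynamic analyzer then determines whether the string is filtered out) is illustrated below. This is an added example, not code from the Office action, from the application or from Maor: the filtering logic, the toy web application, the message field names, the policy format and the `/echo` URL are all constructed for the illustration, and the "static analysis" is a deliberately simple inspection of the filter's code object.

```python
"""Added illustration of the claimed request/response flow.  Everything here
(filter, web application, message shapes, policy format) is constructed for
the example and is not the applicant's or Maor's code."""
import re

RAW_ATTACK_STRING = "<script>alert(1)</script>"  # raw attack string; the script tag is the predetermined parameter
OPERATION = "xss"                                # specific operation the parameter indicates
URL = "/echo"                                    # hypothetical endpoint of the tested application


def filtering_logic(value: str) -> str:
    """Toy filter of the tested application: a case-sensitive literal blocklist."""
    return value.replace("<script>", "").replace("</script>", "")


def web_application(param: str) -> str:
    """Toy tested application: reflects the filtered parameter into HTML unescaped."""
    return f"<html><body><p>{filtering_logic(param)}</p></body></html>"


def static_analyzer(request: dict) -> dict:
    """Static analyzer (claims 7/8): derive a filter-avoidance policy without running
    the filter, by inspecting the constants and names of its code object."""
    assert request["type"] == "request_policy"
    code = request["filter"].__code__
    blocked = [c for c in code.co_consts if isinstance(c, str) and c.startswith("<")]
    normalizes_case = {"lower", "casefold", "upper"} & set(code.co_names)
    rule = "mixed_case" if blocked and not normalizes_case else "none"
    return {"type": "response_policy", "url": URL, "raw_parameter": RAW_ATTACK_STRING,
            "policy": {"rule": rule, "blocked_literals": blocked}}


def alternate_case(s: str) -> str:
    """'<script>' -> '<ScRiPt>': same tag to a browser, different bytes to a literal blocklist."""
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(s))


class AttackStringServer:
    """Server of claims 7, 8, 13 and 14: obtains the policy, generates the final attack
    string so that it avoids the filtering logic, and serves it on request."""

    def __init__(self) -> None:
        self.final_attack_string = None

    def generate_final_attack_string(self, raw: str, policy: dict) -> str:
        final = raw
        if policy["rule"] == "mixed_case":
            for literal in policy["blocked_literals"]:
                final = final.replace(literal, alternate_case(literal))
        return final

    def handle(self, request: dict) -> dict:
        assert request["type"] == "request_final_attack_string"
        if self.final_attack_string is None:
            # first request message -> static analyzer; first response message carries the policy
            first_response = static_analyzer({"type": "request_policy", "filter": filtering_logic})
            self.final_attack_string = self.generate_final_attack_string(
                first_response["raw_parameter"], first_response["policy"])
        # second response message: final attack string plus URL and the operation it indicates
        return {"type": "response_final_attack_string", "url": URL,
                "operation": OPERATION, "final_attack_string": self.final_attack_string}


def is_filtered_out(attack_string: str) -> bool:
    """Dynamic analyzer's determination (claims 1 and 3): the string is NOT filtered out
    when the operation it indicates (here, a script element) survives into the output."""
    page = web_application(attack_string)
    return re.search(r"<script[^>]*>", page, re.IGNORECASE) is None


def dynamic_analyzer(server: AttackStringServer) -> dict:
    """Dynamic analyzer of claim 1: request the final attack string, exercise the
    application with it, and report whether it was filtered out."""
    response = server.handle({"type": "request_final_attack_string"})
    final = response["final_attack_string"]
    return {"final_attack_string": final, "url": response["url"],
            "operation": response["operation"], "filtered_out": is_filtered_out(final)}


if __name__ == "__main__":
    print("raw string filtered out:", is_filtered_out(RAW_ATTACK_STRING))
    print("final string result:    ", dynamic_analyzer(AttackStringServer()))
```

Running the block shows the raw string being stripped by the blocklist while the mixed-case final string reaches the page intact. The bypass works only because the toy filter is a case-sensitive literal blocklist; the practitioner's takeaway is that output encoding at the sink, not a blocklist on input, is what closes the gap.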
Regarding Claim 10, Maor discloses the operation method of claim 7, wherein the first response message further includes a uniform resource locator (URL) address and a raw parameter that indicates a specific operation to be executed through the web application (¶ [0130]).
Regarding Claim 11, Maor discloses the operation method of claim 7, wherein the final attack string further includes a uniform resource locator (URL) address (¶ [0130]).
Regarding Claim 12, Maor discloses the operation method of claim 7, wherein the specific operation to be executed through the web application includes at least one of a distributed denial of service (DDoS) attack operation, a cross site scripting phishing 
Regarding Claim 13, Maor discloses a server for generating a final attack string, the server comprising: 
a processor (FIG. 1-3); and 
a database (FIG. 1-3) in which at least one command to be executed through the processor is stored, wherein the at least one command is executable to: 
receive a first response message including a policy to avoid a filtering logic that is designed to filter out a raw attack string including a predetermined parameter from a static analyzer (FIG. 1-3, ¶ [0006], [0058], [0066]-[0068], [0084]-[0085], [0096]; i.e. receiving testing rules to test a web application responding to certain attack such as SQL injection); 
generate the final attack string including a modified parameter that indicates a specific operation to be executed through a web application such that the final attack string avoids the filtering logic (FIG. 1-3, ¶ [0006], [0058], [0066]-[0068], [0084]-[0085], [0096]; i.e. modifying message to test a web application responding to certain attack such as SQL injection); 
receive, from the dynamic analyzer, a second request message requesting that the final attack string be provided, wherein the second response message is transmitted in response to the second request message (¶ [0084]-[0087]); and 
transmit the second response message including the final attack string to the dynamic analyzer (FIG. 1-3, ¶ [0080], [0085]-[0087], [0095]-[0097]; i.e. transmitting the 
Regarding Claim 14, Maor discloses the server of claim 13, wherein the at least one command is further executable to transmit, to the static analyzer, a first request message requesting that the policy to avoid the filtering logic be provided, wherein the first response message is received in response to the first request message (¶ [0084]-[0087]).
Regarding Claim 16, Maor discloses the server of claim 13, wherein the first response message further includes a uniform resource locator (URL) address and a raw parameter that indicates a specific operation to be executed through the web application (¶ [0130]).
Regarding Claim 17, Maor discloses the server of claim 13, wherein the final attack string further includes a uniform resource locator (URL) address (¶ [0130]).
Regarding Claim 18, Maor discloses the server of claim 13, wherein the specific operation to be executed through the web application includes at least one of a distributed denial of service (DDoS) attack operation, a cross site scripting phishing (XSS) attack operation, an advanced persistent threat (APT) attack operation, a password cracking attack operation, a keylogging attack operation, a spoofing attack operation, and a rootkit attack operation (¶ [0006]).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311.  The examiner can normally be reached on Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-270-8311.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  

/C.D.N/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435