DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  
Regarding claim 1 and its dependents, the art of record, either alone or in combination, fails to particularly disclose or suggest the claim when considered as a whole, and particularly the concept of the claim limitation “retrieve a centralized web-server log file associated with a web application; analyze each hyper-text transfer protocol (“HTTP”) log entry comprised in the centralized web-server log file, each HTTP log entry comprising an endpoint, the endpoint being a uniform resource locator (“URL”) path correlating to a location within the web application; based on the analysis, identify each endpoint included in the web application; and generate a first web application site-map based on each identified endpoint; a web application attack tool configured to simulate a malicious attack, the simulating comprising: logging into the web application via an accredited user ID; and crawling each endpoint within the web application enabled to be accessed via the accredited user ID to identify one or more weak points and security bugs within the web application; the web application attack tool further configured to, based on the crawling, generate a second web application site-map comprising each crawled endpoint; and a data integration tool configured to: determine one or more endpoints within the web application non-assessed by the web application attack tool by identifying one or more endpoints in the first web application site-map absent from the second web application site-map.”
As to the art of record, the Leshem et al. reference discloses the concept of a website analysis tool that provides a variety of features for facilitating the analysis and management of websites. However, Leshem et al. does not teach the entire claim limitation, or the combination of limitations, stated above.
As to the art of record, the Kang reference discloses the concept of a security system that monitors communications between general systems to generate logs according to a predetermined rule and store them in a log database. However, Kang does not teach the entire claim limitation, or the combination of limitations, stated above.
Regarding claim 14 and its dependents, the art of record, either alone or in combination, fails to particularly disclose or suggest the claim when considered as a whole, and particularly the concept of the claim limitation “following the filtering, for each of the production web HTTP log entries, using the associated server response code to categorize the production web HTTP log entries as either a valid production web HTTP log entry or an invalid production web HTTP log entry; extracting each valid production web HTTP log entry to generate a first site-map comprising each of the valid production web HTTP log entries; receiving a web attack tool log file associated with a pre-production web application, the web attack tool data file comprising pre-production web HTTP log entries, each pre-production web HTTP log entry comprising a URL path of a location within a pre-production version of the web application and an associated server response code, each URL path being a location on the web application assessed for security vulnerabilities by the web attack tool; filtering, the web attack tool log file, the filtering comprising: identifying duplicate URL paths; counting the duplicate URL paths; determining, based on the counting, a total count of the duplicate URL paths; maintaining one of each duplicate URL paths; and deleting the total count minus one of each identified duplicate URL path; for each of the pre-production web HTTP log entries, using the associated server response code to categorize the pre-production web HTTP log entries as either a valid pre-production web HTTP log entry or an invalid pre-production web HTTP log entry; extracting each valid pre-production web HTTP log entry to generate a second site-map comprising each of the valid pre-production web HTTP log entries; identifying and storing in a first data set, one or more production web HTTP log entries from the first site-map not found in the second site-map; identifying and storing in a second data set, one or more pre-production web HTTP log entries from the second site-map not found in the first site-map; and generating a web application footprint listing all of the valid production web HTTP log entries and all of the valid pre-production web HTTP log entries.”
As to the art of record, the Lee et al. reference discloses the concept of a system to detect the security test for a website system application. However, Lee et al. does not teach the entire claim limitation, or the combination of limitations, stated above.

As to the art of record, the Kang reference discloses the concept of a security system that monitors communications between general systems to generate logs according to a predetermined rule and store them in a log database. However, Kang does not teach the entire claim limitation, or the combination of limitations, stated above.
Regarding claim 3 and its dependents, the art of record, either alone or in combination, fails to particularly disclose or suggest the claim when considered as a whole, and particularly the concept of the claim limitation “analyzing each hyper-text transfer protocol (“HTTP”) log entry comprised in a centralized web server log file of a web application, each HTTP log entry comprising an endpoint, the endpoint being a uniform resource locator (“URL”) path correlating to a location on the web application; based on the analysis, identify each endpoint included in the web application; and generate a first web application site-map based on each identified endpoint; determining one or more endpoints on the first web application site map absent from a second web application site map, the second web application site map comprising each crawled endpoint within the web application identified via a crawling of the web application by a web application attack tool for identifying security vulnerabilities.”
As to the art of record, the Lee et al. reference discloses the concept of a system to detect the security test for a website system application. However, Lee et al. does not teach the entire claim limitation, or the combination of limitations, stated above.
As to the art of record, the Leshem et al. reference discloses the concept of a website analysis tool that provides a variety of features for facilitating the analysis and management of websites. However, Leshem et al. does not teach the entire claim limitation, or the combination of limitations, stated above.
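The coverage comparison recited in the quoted limitations of claims 1, 14 and 3 can be illustrated as follows. This is an added example, not code from the application or the examiner; the log line format, the sample entries, the function names and the rule that 2xx/3xx response codes count as "valid" are assumptions, since the action does not define them.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample logs (not from the action): method, URL, response code.
PRODUCTION_LOG = """\
GET /login 200
GET /account/summary 200
GET /account/summary?tab=2 200
POST /api/v1/transfer 200
GET /api/v1/export 200
GET /wp-admin.php 404
"""
ATTACK_TOOL_LOG = """\
GET /login 200
GET /login 200
GET /account/summary 200
POST /api/v1/transfer 302
GET /beta/new-feature 200
GET /api/v1/debug 500
"""
LINE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<code>\d{3})$")

def parse(log_text):
    """Yield (URL path, response code) per well-formed entry; query strings dropped."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield urlsplit(m["url"]).path, int(m["code"])

def is_valid(code):
    # Assumption: 2xx/3xx means the endpoint exists; the action gives no rule.
    return 200 <= code < 400

def site_map(log_text):
    """Keep one of each duplicate path, then keep paths seen with a valid code."""
    entries = list(parse(log_text))
    counts = Counter(path for path, _ in entries)
    removed = sum(n - 1 for n in counts.values())  # total count minus one, per path
    valid = {path for path, code in entries if is_valid(code)}
    return valid, removed

def footprint(prod_log, tool_log):
    first, _ = site_map(prod_log)    # first site-map: production endpoints
    second, _ = site_map(tool_log)   # second site-map: endpoints the tool assessed
    return {"not_assessed": sorted(first - second),  # first data set
            "preprod_only": sorted(second - first),  # second data set
            "footprint": sorted(first | second)}
```

The "not_assessed" list is the security-relevant output: endpoints that receive production traffic but were never reached by the assessment tool.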
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571)270-5679. The examiner can normally be reached 8:30 AM - 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton can be reached on 571-272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.