Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-9, 11-16, 18, and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sima [ US Patent Application No 2005/0132232 ].

2.	As per claim 1, Sima discloses the invention as claimed including a system configured for conducting security penetration testing [ i.e. tests web application for various known vulnerabilities ] [ paragraph 0024 ], the system comprising:
	one or more hardware processors configured by machine-readable instructions to:
	record, via a security extension of a web browser [ i.e. user interaction recorder (UIR) may be implemented on the same client as browser plug-in ] [ paragraph 0028 ], a user interface workflow [ i.e. recording browser/web server communications ] [ Figure 8; and paragraphs 0025, and 0034 ];
	generate, via the security extension, a test script that represents the user interface workflow [ i.e. UIR for recording browser/web server communications, and even sequence for communications ] [ Figure 8; and paragraphs 0034-0046 ];
	execute the test script in an application using a proxy port [ 302, Figure 3 ], wherein executing the test script recreates the user interface workflow [ i.e. user interaction playback module automatically repeat user interactions ] [ 206, Figure 2; Figure 11; and paragraphs 0053-0073 ];
	simulate a cyber-attack against the user interface workflow recreated by executing the test script in the application [ i.e. the web application assessment system simulates/performs browser interactions corresponding to vulnerabilities in the web application ] [ paragraphs 0024, and 0026 ];
	identify a security vulnerability based on the cyber-attack [ i.e. identify security issues ]; and generate a security report that identifies the security vulnerability [ i.e. correlate the results and present them in an easy to understand format via reporting interface ] [ paragraphs 0003, 0005, and 0029 ].
	
3.	As per claim 2, Sima discloses wherein the one or more hardware processors are further configured by machine-readable instructions to schedule execution of the test script in the application [ i.e. operator select which type of assessment to run ] [ paragraphs 0026, and 0029 ].

4.	As per claim 3, Sima discloses wherein the one or more hardware processors are further configured by machine-readable instructions to automatically populate a database with the security report [ i.e. data store ] [ 508, Figure 5; and paragraph 0029 ].

5.	As per claim 4, Sima discloses wherein the one or more hardware processors are further configured by machine-readable instructions to load the security extension in the web browser [ i.e. browser plug-in ] [ paragraph 0028 ].

6.	As per claim 5, Sima discloses wherein the one or more hardware processors are further configured by machine-readable instructions to enable the security extension that is loaded in the web browser using one or more parameters [ Figure 7; and paragraphs 0032, and 0033 ].

7.	As per claim 6, Sima discloses wherein executing the test script in the application using the proxy port further comprises generating a plurality of threads in the application, wherein each of the plurality of threads corresponds to a copy of the test script [ i.e. assessment agent to perform assessment ] [ 112, Figure 4; and paragraphs 0025, and 0029 ].

8.	As per claim 7, Sima discloses wherein executing the test script in the application using the proxy port further comprises asynchronously executing the plurality of threads in the application [ i.e. execute agent ] [ paragraphs 0025, and 0029 ].

9.	As per claim 8, Sima discloses wherein simulating the cyber-attack against the user interface workflow recreated by executing the test script within the application comprises intercepting traffic generated from the test script based on execution of the test script [ paragraph 0029 ].

10.	As per claim 9, Sima discloses wherein simulating the cyber-attack against the user interface workflow recreated by executing the test script within the application comprises crawling the test script to locate one or more URLs [ Figure 12; and paragraph 00074 ].

11.	As per claim 11, Sima discloses wherein simulating the cyber-attack against the user interface workflow recreated by executing the test script within the application comprises scanning one or more URLs in the test script [ paragraph 0074 ].

12.	As per claim 12, it is rejected for similar reasons as stated above in claim 1.

13.	As per claims 13-16, they are rejected for similar reasons as stated above in claims 6-9.

14.	As per claim 18, it is rejected for similar reasons as stated above in claim 11.

15.	As per claim 19, it is rejected for similar reasons as stated above in claim 1.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

16.	Claims 10, 17, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sima [ US Patent Application No 2005/0132232 ], in view of Robinson [ US Patent Application No 2021/0334395 ].

17.	As per claim 10, Sima does not specifically disclose spidering one or more URLs in the test script. Robinson discloses spidering one or more URLs in the test script [ paragraph 0096 ]. It would have been obvious to a person skilled in the art before the effective filing date of the claimed invention to combine the teaching of Sima and Robinson because the teaching of Robinson would enable providing an improved system and method to identify the need for implementing and testing security protections in computer software [ Robinson, paragraph 0018 ].

18.	As per claim 17, it is rejected for similar reasons as stated above in claim 10.

19.	As per claim 20, it is rejected for similar reasons as stated above in claims 9-11.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971. The examiner can normally be reached Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis, can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DUSTIN NGUYEN/Primary Examiner, Art Unit 2446