DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/23/2022 has been entered.
 
Response to Amendment
The Amendment filed on 08/10/2022 has been entered. 
Claims 1, 15 and 26-29 are amended.
Claims 1-29 are pending of which claims 1, 15 and 26-29 are independent claims.

Response to Arguments
Applicant’s arguments with respect to claims 1-29 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 15 and 26-29 are rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou).
Regarding claim 1: Palapudi discloses A method of facilitating remediation of one or more vulnerabilities detected in a web application, the method comprising:
for each vulnerability of the one or more detected vulnerabilities, navigating to a respective web page that contains the vulnerability based on the received information, the respective web page having been determined to contain the vulnerability prior to receiving the information; (Palapudi - [0077]: When a client device, such as client device 490, sends a request to the Website 430 for a particular Web page 432, the request handler 410 receives the request and passes the request to the obsolete reference correction agent 420. The obsolete reference correction agent 420 retrieves the requested Web page 432 via the file system 480 and information for the requested Web page 432 from a corresponding entry in the indexed data structure 452. [0080]: by way of the index data structure 452 and the Website reference monitor 460, references to invalid or obsolete Web page content may be identified); and
snapping directly to the vulnerability within the respective web page based on the received information (Palapudi - [0080]: automatically corrected so as to avoid having a user access a obsolete reference or the wrong Web page content. In addition, these mechanisms may reduce the network traffic by marking the obsolete or invalid references, or removing the obsolete or invalid references, such that they are not rendered by a Web browser of a client device 490 or otherwise rendered such that they are not selectable by a user).
However Palapudi doesn’t explicitly teach, but Zhou discloses:
receiving information associated with the one or more detected vulnerabilities based on at least one remote vulnerability scan of a web application implemented within one or more web pages of a web site by one or more scanning agents (Zhou - [0020]: The website scanning apparatus 100 comprises a link processing component 140, which receives from the link-to-be-processed memory 110 a link to be processed for processing. In particular, the link processing component 140 judges whether the web page content corresponding to the link to be processed has been changed. If the web page content has been changed, the web page that has been changed is sent to a vulnerability detecting component 160 for performing a vulnerability detection. [0025]: The vulnerability detecting component may utilize any security vulnerability detecting technology in the art to perform a vulnerability detection on the web page, thereby obtaining the result of vulnerability detection);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi with Zhou so that the webpage is scanned for detecting a vulnerability. The modification would have allowed the system to increase web page security. 
Regarding claim 15: this claim describes a method that is the counterpart of the method of claim 1. The steps in the method are symmetric with the steps in claim 1. Therefore, claim 15 is rejected with the same rationale as in the rejection of claim 1.
Regarding claim 26: The claim is directed to an apparatus/device and does not teach or further define over the limitations recited in claim 1. Therefore, claim 26 is also rejected with the same rationale as in the rejection of claim 1. Furthermore, Palapudi in Fig. 4 discloses a memory and at least one processor.
Regarding claim 27: The claim is directed to an apparatus/device and does not teach or further define over the limitations recited in claim 15. Therefore, claim 27 is also rejected with the same rationale as in the rejection of claim 15. Furthermore, Palapudi in Fig. 4 discloses a memory and at least one processor.
Regarding claim 28: this claim defines a computer readable medium claim that corresponds to system claim 1 and does not define beyond limitations of claim 1. Therefore, claim 28 is rejected with the same rationale as in the rejection of claim 1. Furthermore, Palapudi in Fig. 4 discloses a computer readable storage medium where the storage medium executes instructions from a processor.
Regarding claim 29: this claim defines a computer readable medium claim that corresponds to system claim 1 and does not define beyond limitations of claim 15. Therefore, claim 29 is rejected with the same rationale as in the rejection of claim 15. Furthermore, Palapudi in Fig. 4 discloses a computer readable storage medium where the storage medium executes instructions from a processor.

Claims 2-7, 10-13 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Hunt et al. (Pub. No.: US 2017/0308513, hereinafter Hunt).
Regarding claim 2: Palapudi as modified doesn’t explicitly teach but Hunt discloses wherein for each vulnerability of the one or more detected vulnerabilities, the method further comprises:
visually highlighting the vulnerability directly within the respective web page (Hunt - [0115]: one or more rows or attributes in a row may be presented in a manner (e.g., using audio, graphics, or video) so as to highlight vulnerabilities or issues related to web frameworks and/or web components).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt so that the vulnerability related to a web component is highlighted. The modification would have allowed the system to visually identify the vulnerable component.
Regarding claim 3: Palapudi as modified doesn’t explicitly teach but Hunt discloses further comprising:
selecting a vulnerability of the one or more detected vulnerabilities as a selected vulnerability (Hunt - [0114]: Graphical interface 400 may include an interactive element 402 that is interactive to select to view components identified in a document); and
providing an inline feedback on the selected vulnerability (Hunt - [0113]: An interactive element may receive input to enable interaction with the graphical interface. In some embodiments, the graphical interfaces disclosed herein can be displayed with or in response to interaction with a graphical interface of an application or a website).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt so that an interactive GUI can display feedback/description on selected components. 
Regarding claim 4: Palapudi as modified discloses wherein the inline feedback comprises a description, a severity, a solution, a plugin output, or any combination thereof of the selected vulnerability (Hunt - [0118]: Graphical interface 704 may be displayed in response to or based on interaction with graphical interface 706 included in graphical interface 700. Graphical interface 706 may be interactive to request to display attributes about a web site, including web components identified on the web site). 
The reason to combine is the same as claim 3.
Regarding claim 5: Palapudi as modified discloses wherein information of the inline feedback on the selected vulnerability is queried from a query service by providing an element selector of the selected vulnerability to the query service (Hunt - [0114]: Graphical interface 400 may include an interactive element 402 that is interactive to select to view components identified in a document. The components may be identified by network analysis system 120 for processing the document multiple times. Graphical interface 400 may include a graphical interface 404 that is interactive to view information about each component identified in a document).
The reason to combine is the same as claim 3.
Regarding claim 6: Palapudi as modified discloses wherein the element selector of the selected vulnerability provided to the query service comprises a CSS selector, an XPath selector, a Node number selector, a Name selector, an Id selector, and a LinkText selector, or any combination thereof (Hunt - [0039]: Examples of web components may include, without limitation, JavaScript, cascading style sheets (CSSs), or images). 
The reason to combine is the same as claim 3.
Regarding claim 7: Palapudi as modified discloses wherein providing the inline feedback on the selected vulnerability comprises:
providing the inline feedback on the selected vulnerability within a vulnerability box, the inline feedback displayed in the vulnerability box comprising a vulnerability ID, a vulnerability name, a vulnerability description, or any combination thereof (Hunt - [0118]: Graphical interface 704 may be displayed in response to or based on interaction with graphical interface 706 included in graphical interface 700. Fig. 7).
The reason to combine is the same as claim 3.
Regarding claim 10: Palapudi as modified discloses wherein selecting the vulnerability comprises:
determining whether a vulnerabilities button has been activated; and providing one or more vulnerability links in a vulnerability page box, the one or more vulnerability links being linked to the one or more detected vulnerabilities (Hunt - [0118]: Graphical interface 706 may be interactive to request to display attributes about a web site, including web components identified on the web site. Interaction with graphical interface 706 may cause graphical interface 704 to be included in graphical interface 700. Graphical interface 704 may provide information about a website, including information obtained from one or more third party sources. See also [0113] for button element).
The reason to combine is the same as claim 3.
Regarding claim 11: Palapudi as modified discloses wherein the vulnerabilities button is provided within a top portion of a browser interface, the top portion being unscrollable (Hunt - See Fig. 7 for list of elements on top left portion).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt so that the list of elements/buttons is displayed on the top portion without a scroll bar.
Regarding claim 12: Palapudi as modified discloses wherein selecting the vulnerability further comprises:
selecting a vulnerability as the selected vulnerability when a corresponding vulnerability link is activated; and navigating to a web page that contains the selected vulnerability and snapping directly to the selected vulnerability when the corresponding vulnerability link is activated such that the selected vulnerability is in view (Palapudi - [0080]: by way of the index data structure 452 and the Website reference monitor 460, references to invalid or obsolete Web page content may be identified and automatically corrected so as to avoid having a user access a obsolete reference or the wrong Web page content).
Regarding claim 13: Palapudi as modified discloses wherein providing the inline feedback on the selected vulnerability comprises:
providing the inline feedback on the selected vulnerability in a vulnerability box upon snapping to the selected vulnerability within the web page (Hunt - [0113]: An interactive element may receive input to enable interaction with the graphical interface. In some embodiments, the graphical interfaces disclosed herein can be displayed with or in response to interaction with a graphical interface of an application or a website).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt so that feedback on the vulnerability is displayed to prevent execution for security.
Regarding claim 24: Palapudi as modified discloses wherein information provided to the target device comprises one or more vulnerability links linked to the one or more detected vulnerabilities (Hunt - [0118]: Graphical interface 706 may be interactive to request to display attributes about a web site, including web components identified on the web site. Interaction with graphical interface 706 may cause graphical interface 704 to be included in graphical interface 700. Graphical interface 704 may provide information about a website, including information obtained from one or more third party sources. See also [0113] for button element).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt so that an interactive GUI can display feedback/description on selected components. 

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou), Hunt et al. (Pub. No.: US 2017/0308513, hereinafter Hunt) and Gold et al. (Pub. No.: US 2006/0242694, hereinafter Gold).
Regarding claim 8: Palapudi as modified doesn’t explicitly teach but Gold discloses wherein providing the inline feedback on the selected vulnerability further comprises:
determining whether a remedy guidance button has been activated; and providing a remedy description corresponding to the selected vulnerability when it is determined that the remedy guidance button has been activated (Gold - [0177]: Clicking the Mitigate button 306 in user interface 300 directs a user to a mitigation plan user interface 310 (FIG. 15L) that includes details about a mitigation plan for that event).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt and Gold so that the details about a mitigation plan are displayed when the mitigation button is clicked. The modification would have allowed the system to see more detail of the mitigation plan.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Hunt et al. (Pub. No.: US 2017/0308513, hereinafter Hunt) and Johns (Pub. No.: US 2018/0349602).
Regarding claim 9: Palapudi as modified doesn’t explicitly teach but Johns discloses wherein providing the inline feedback on the selected vulnerability comprises:
determining whether a replay button has been activated; and replaying an attack on the selected vulnerability when it is determined that the replay button has been activated (Johns - [0070]: the initial list of CSRF candidates is filtered. As described below, this filtering may involve replaying a suspect request with authentication credentials removed, in order to discern if a same changed-state result occurs).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt and Johns so that the selected vulnerability is replayed. The modification would have allowed the system to recheck the vulnerability after mitigation.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Hunt et al. (Pub. No.: US 2017/0308513, hereinafter Hunt) and Costea et al. (Pub. No.: US 2006/0161988, hereinafter Costea).
Regarding claim 14: Palapudi as modified doesn’t explicitly teach but Costea discloses wherein providing the inline feedback on the selected vulnerability further comprises:
determining whether a scan launch button has been activated; and launching a scan so as to cause the one or more scanning agents to rescan the web page for vulnerabilities when it is determined that the scan launch button has been activated (Costea - [0029]: As illustrated in FIG. 2, the user interface 122 also contains a rescan button 214, …to satisfy the rescan command, the present invention (1) restores the quarantine file in accordance with the method described below with reference to FIG. 4, and (2) causes the antivirus engine 118 to scan the restored file for malware. [0024]: the user interface 122 allows a user to click buttons and generate commands).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Hunt and Costea so that the webpage is rescanned for detecting a vulnerability. The modification would have allowed the system to increase web page security.

Claims 16 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Gold et al. (Pub. No.: US 2006/0242694, hereinafter Gold).
Regarding claim 16: Palapudi as modified doesn’t explicitly teach but Gold discloses wherein the information provided to the target device further comprises inline feedback associated with remediation of a respective vulnerability while snapped to the respective vulnerability (Gold - [0176]: When a mitigation plan is available for an event, a link 299 will appear on the event summary user interface 290, which will jump to the actions user interface 300 (FIG. 15K) where the “Mitigate” button 306 will be active).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold so that feedback for an available mitigation plan is enabled. The modification would have allowed the system to learn more details of the mitigation plan.
Regarding claim 22: Palapudi as modified discloses wherein for at least one of the one or more detected vulnerabilities, the inline feedback comprises a remedy description to remedy the at least one detected vulnerability (Gold - [0177]: Clicking the Mitigate button 306 in user interface 300 directs a user to a mitigation plan user interface 310 (FIG. 15L) that includes details about a mitigation plan for that event).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold so that the details about a mitigation plan are displayed when the mitigation button is clicked. The modification would have allowed the system to see more detail of the mitigation plan.

Claims 17-21 are rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Gold et al. (Pub. No.: US 2006/0242694, hereinafter Gold) and Hunt et al. (Pub. No.: US 2017/0308513, hereinafter Hunt).
Regarding claim 17: Palapudi as modified doesn’t explicitly teach but Hunt discloses wherein for at least one of the one or more detected vulnerabilities, the inline feedback comprises a description, a severity, a solution, a plugin output, or any combination thereof of the respective vulnerability (Hunt - [0118]: Graphical interface 704 may be displayed in response to or based on interaction with graphical interface 706 included in graphical interface 700. Graphical interface 706 may be interactive to request to display attributes about a web site, including web components identified on the web site).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold and Hunt so that an interactive GUI can display a description on selected components. 
Regarding claim 18: Palapudi as modified doesn’t explicitly teach but Hunt discloses wherein the inline feedback is provided to the target device upon receiving a query from the target device (Hunt - [0114]: The components may be identified by network analysis system 120 for processing the document multiple times. Graphical interface 400 may include a graphical interface 404 that is interactive to view information about each component identified in a document).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold and Hunt so that an interactive GUI can display feedback on selected components.
Regarding claim 19: Palapudi as modified discloses wherein the information provided to the target device comprises an element selector for the one or more detected vulnerabilities (Hunt - [0114]: Graphical interface 400 may include an interactive element 402 that is interactive to select to view components identified in a document. The components may be identified by network analysis system 120 for processing the document multiple times. Graphical interface 400 may include a graphical interface 404 that is interactive to view information about each component identified in a document), and
wherein the inline feedback associated with a selected vulnerability upon receiving the query that includes the element selector of the selected vulnerability, the selected vulnerability being one of the one or more detected vulnerabilities (Hunt - [0118]: Graphical interface 704 may be displayed in response to or based on interaction with graphical interface 706 included in graphical interface 700. Fig. 7).
The reason to combine is the same as claim 18.
Regarding claim 20: Palapudi as modified discloses wherein the element selector of the selected vulnerability comprises a CSS selector, an XPath selector, a Node number selector, a Name selector, an Id selector, and a LinkText selector, or any combination thereof (Hunt - [0039]: Examples of web components may include, without limitation, JavaScript, cascading style sheets (CSSs), or images).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold and Hunt so that a CSS can be one of the web components for selection.
Regarding claim 21: Palapudi as modified doesn’t explicitly teach but Hunt discloses wherein for at least one of the one or more detected vulnerabilities, the inline feedback comprises a vulnerability ID, a vulnerability name, a vulnerability description, or any combination thereof of the at least one detected vulnerability (Hunt - Fig. 7).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold and Hunt so that an interactive GUI can display a description on selected components. 

Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Gold et al. (Pub. No.: US 2006/0242694, hereinafter Gold) and Johns (Pub. No.: US 2018/0349602).
Regarding claim 23: Palapudi as modified doesn’t explicitly teach but Johns discloses wherein for at least one of the one or more detected vulnerabilities, the inline feedback comprises a replay script enabling the target device to replay an attack corresponding to the at least one detected vulnerability (Johns - [0070]: the initial list of CSRF candidates is filtered. As described below, this filtering may involve replaying a suspect request with authentication credentials removed, in order to discern if a same changed-state result occurs).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Gold and Johns so that the selected vulnerability is replayed. The modification would have allowed the system to recheck the vulnerability after mitigation.

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Palapudi et al. (Pub. No.: US 2007/0174324, hereinafter Palapudi) in view of Zhou et al. (Pub. No.: US 2013/0276126, hereinafter Zhou) and Costea et al. (Pub. No.: US 2006/0161988, hereinafter Costea).
Regarding claim 25: Palapudi as modified doesn’t explicitly teach but Costea discloses wherein information provided to the target device comprises a scan script, when executed, that causes the one or more scanning agents to rescan the web page for vulnerabilities (Costea - [0029]: As illustrated in FIG. 2, the user interface 122 also contains a rescan button 214, …to satisfy the rescan command, the present invention (1) restores the quarantine file in accordance with the method described below with reference to FIG. 4, and (2) causes the antivirus engine 118 to scan the restored file for malware. [0024]: the user interface 122 allows a user to click buttons and generate commands).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Palapudi and Zhou with Costea so that the webpage is rescanned for detecting a vulnerability. The modification would have allowed the system to increase web page security.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Paturi et al. (Pub. No.: US 2020/0351298) - Complex Application Attack Quantification, Testing, Detection and Prevention 
Ainslie et al. (Patent No.: US 9,906,553) - Personalized privacy warnings 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437