Invention Grant
US08010522B2 System, method and program product for detecting SQL queries injected into data fields of requests made to applications
In force
- Patent Title: System, method and program product for detecting SQL queries injected into data fields of requests made to applications
- Application No.: US11952322
- Application Date: 2007-12-07
- Publication No.: US08010522B2
- Publication Date: 2011-08-30
- Inventor: David Bryan Dewey, David Charles Means
- Applicant: David Bryan Dewey, David Charles Means
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent: Arthur J. Samodovitz
- Main IPC: G06F7/00
- IPC: G06F7/00

Abstract:
System, method and program product for detecting a malicious SQL query in a parameter value field of a request. The parameter value field is searched for query operands, characters and/or symbols and combinations of query operands, characters and/or symbols indicative of malicious SQL injection. A respective score assigned to each of the query operands, characters and/or symbols or combinations of query operands, characters and/or symbols found in the parameter value field is added to yield a total score for at least two of the query operands, characters and/or symbols or combinations of query operands, characters and/or symbols found in the parameter value field. Responsive to the total score exceeding a threshold, the request is blocked.
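The scoring scheme in the abstract can be sketched as follows. This is an added example, not code from the patent or from IBM; the signature patterns, the per-signature scores and the threshold are constructed assumptions chosen only to show how individually weak indicators add up to a blocking decision.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Constructed signature table: (label, pattern, score). The abstract gives
# no concrete operands or weights; these are illustrative assumptions.
SIGNATURES = [
    ("quote", re.compile(r"'"), 1),
    ("statement_sep", re.compile(r";"), 1),
    ("comment", re.compile(r"--|/\*"), 2),
    ("keyword", re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.I), 2),
    # Combinations score higher than their parts, as the abstract describes.
    ("union_select", re.compile(r"\bunion\b.{0,20}\bselect\b", re.I | re.S), 4),
    ("tautology", re.compile(r"\bor\b\s+'?(\w+)'?\s*=\s*'?\1'?", re.I), 4),
]
THRESHOLD = 4  # assumed value; a request is blocked when a total exceeds it

def score_value(value):
    """Return (total, hits) for one decoded parameter value.

    Each signature counts once per value, so a name with two apostrophes
    scores the same as a name with one."""
    hits = [(label, score) for label, pattern, score in SIGNATURES
            if pattern.search(value)]
    return sum(score for _, score in hits), hits

def inspect_request(query_string):
    """Return {param: (total, hits)} for parameters whose total exceeds THRESHOLD."""
    flagged = {}
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        total, hits = score_value(value)
        if total > THRESHOLD:
            flagged[name] = (total, hits)
    return flagged

def should_block(query_string):
    """Blocking decision for the whole request."""
    return bool(inspect_request(query_string))

if __name__ == "__main__":
    # Constructed sample requests: two benign, two carrying injected SQL.
    samples = [
        {"name": "O'Brien"},
        {"q": "select a plan"},
        {"id": "1' OR '1'='1"},
        {"id": "1 UNION SELECT user, pass FROM users--"},
    ]
    for params in samples:
        qs = urlencode(params)
        print("BLOCK" if should_block(qs) else "allow", params, inspect_request(qs))
```

A single apostrophe or a lone SQL keyword stays under the threshold, which is the point of summing scores rather than blocking on any one match.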