Patent · US Active

Database query injection detection and prevention

US10404744B2 · kind B2 · utility

4Cited by

3References

20Claims

0Family size

Assignee

MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

Yosef Dinerstein · Haifa, IL
Oren Yossef · Bellevue, US
Tomer Weisberg · Haifa, IL
Assaf Akrabi · Haifa, IL
Tomer Rotstein · Haifa, IL

Key dates

Filing date	Sep 20, 2016
Grant date	Sep 3, 2019
Priority date	—
Expiry date	Dec 2, 2037

Classification

Technology area (CPC G)Physics
CPC primaryG06F16/24
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server cause a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.