Patent · US Active

Database query injection detection and prevention

US11057424B2 · kind B2 · utility

0Cited by

3References

20Claims

0Family size

Assignee

MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

Yosef Dinerstein · Haifa, IL
Oren Yossef · Bellevue, US
Tomer Weisberg · Haifa, IL
Assaf Akrabi · Haifa, IL
Tomer Rotstein · Haifa, IL

Key dates

Filing date	Jul 19, 2019
Grant date	Jul 6, 2021
Priority date	—
Expiry date	Sep 9, 2039

Classification

Technology area (CPC G)Physics
CPC primaryG06F16/24
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server cause a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.