Patent · US Revoked

Mechanism to detect and analyze SQL injection threats

US7752177B2 · kind B2 · utility

0Cited by

2References

37Claims

0Family size

Assignee

Oracle International Corporation · US

Inventors

Dmitri Bronnikov · Foster City, US
Charles Wetherell · Palo Alto, US

Key dates

Filing date	Mar 16, 2005
Grant date	Jul 6, 2010
Priority date	—
Expiry date	Mar 2, 2028

Classification

Technology area (CPC —)General

Abstract

A vulnerability analysis tool is provided for identifying SQL injection threats. The tool is able to take advantage of the fact that the code for many database applications is located in modules stored within a database. The tool constructs a data flow graph based on all, or a specified subset, of the application code within the database. The tool identifies, within the data flow graph, the nodes that represent values used to construct SQL commands. Paths to those nodes are analyzed to determine whether any SQL injection threats exist.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.