Patent · US Active

Mechanism to detect and analyze SQL injection threats

US7860842B2 · kind B2 · utility

18Cited by

5References

36Claims

0Family size

Assignee

Oracle International Corporation · US

Inventors

Dmitri Bronnikov · Foster City, US
Charles Wetherell · Palo Alto, US

Key dates

Filing date	Mar 16, 2005
Grant date	Dec 28, 2010
Priority date	—
Expiry date	Apr 3, 2028

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/577
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A vulnerability analysis tool is provided for identifying SQL injection threats. The tool is able to take advantage of the fact that the code for many database applications is located in modules stored within a database. The tool constructs a data flow graph based on all, or a specified subset, of the application code within the database. The tool identifies, within the data flow graph, the nodes that represent values used to construct SQL commands. Paths to those nodes are analyzed to determine whether any SQL injection threats exist.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.