Patent · US Active

System, method and program product for detecting SQL queries injected into data fields of requests made to applications

US8010522B2 · kind B2 · utility

5Cited by

2References

18Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

David Dewey · Milton, US
David Charles Means · Woodstock, US

Key dates

Filing date	Dec 7, 2007
Grant date	Aug 30, 2011
Priority date	—
Expiry date	Apr 13, 2029

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/562
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

System, method and program product for detecting a malicious SQL query in a parameter value field of a request. The parameter value field is searched for query operands, characters and/or symbols and combinations of query operands, characters and/or symbols indicative of malicious SQL injection. A respective score assigned to each of the query operands, characters and/or symbols or combinations of query operands, characters and/or symbols found in the parameter value field is added to yield a total score for at least two of the query operands, characters and/or symbols or combinations of query operands, characters and/or symbols found in the parameter value field. Responsive to the total score exceeding a threshold, the request is blocked.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.