Data processing: database and file management or data structures – Data integrity – Checking consistency
Reexamination Certificate
2005-03-16
2010-12-28
Vital, Pierre M (Department: 2156)
C726S025000
Reexamination Certificate
active
07860842
ABSTRACT:
A vulnerability analysis tool is provided for identifying SQL injection threats. The tool is able to take advantage of the fact that the code for many database applications is located in modules stored within a database. The tool constructs a data flow graph based on all, or a specified subset, of the application code within the database. The tool identifies, within the data flow graph, the nodes that represent values used to construct SQL commands. Paths to those nodes are analyzed to determine whether any SQL injection threats exist.
REFERENCES:
patent: 5875334 (1999-02-01), Chow et al.
patent: 5987455 (1999-11-01), Cochrane et al.
patent: 7444331 (2008-10-01), Nachenberg et al.
patent: 7568229 (2009-07-01), Nachenberg et al.
patent: 7702642 (2010-04-01), Wolfman et al.
patent: 2003/0093410 (2003-05-01), Couch et al.
patent: 2005/0027981 (2005-02-01), Baum-Waidner et al.
patent: 2005/0055565 (2005-03-01), Fournet et al.
patent: 2005/0203921 (2005-09-01), Newman et al.
patent: 2006/0004863 (2006-01-01), Chan et al.
patent: 2006/0031933 (2006-02-01), Costa et al.
SQLrand: Preventing SQL Injection Attacks, ACNS 2004, LNCS 3089, pp. 292-302, Boyd et al.
A graphical data flow language for retrieval, analysis, and visualization of scientific database, Journal of visual languages and computing (1996) 7, pp. 247-265, Dogru et al.
Architectures for intrusion tolerant database system, Proceedings of the 18th annual computer security application conference (ACSAC'02), Liu.
Static Checking of dynamically generated queries in database applications, Proceedings of the 26th International Conference on Software Engineering (ICSE'04), Gould et al.
A dataflow database machine, Lubomir et al, ACM Transactions on Database Systems, vol. 14, No. 1, Mar. 1989, pp. 114-146.
SQL rand: Preventing SQL injection attacks, Boyd et al, ACNS 2004, LNCS 3089, pp. 292-302, 2004.
Huang, Y. et al., “Securing Web Application Code by Static Analysis and Runtime Protection” WWW (2004) pp. 40-52.
Wasserman, G. et al. “Sound and Precise Analysis of Web Applications for Injection Vulnerabilities” (Jun. 2007) ACM, 10 pages.
Bronnikov Dmitri
Wetherell Charles
Hickman Palermo & Truong & Becker LLP
Obisesan Augustine
Oracle International Corporation
Vital Pierre M