Fuzzing system and method for exhaustive security fuzzing within an SQL server
Abstract
Systems and methods that incorporate fuzzing capabilities within an SQL server to facilitate penetration testing. A fuzzing component associated with the SQL server provides an entry point for accessing the fuzzing system to update explicit user specified parameters associated with SQL, wherein the server's in-depth knowledge regarding semantics of the language code (e.g., manner of parsing) can be employed to determine vulnerabilities thereof.
19 Claims
1. A computer implemented system comprising the following computer executable components:
a processor; and
a memory component communicatively coupled to the processor, the memory component having stored therein computer-executable instructions that when executed by the processor cause the processor to implement:
a fuzzing system that receives a structured query language (SQL) statement, wherein the SQL statement includes actual grammar associated with the SQL statement and explicit user specified parameters associated with penetration testing of an SQL server; and
a parsing component as part of the SQL server that separates the explicit user specified parameters from the actual grammar associated with the SQL statement, wherein the parsing component mitigates parsing errors by replacing the explicit user specified parameters with fuzz values generated within the SQL server that maintain conformance to syntactically correct SQL statements.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer implemented method comprising the following computer executable acts:
employing a processor to execute computer executable instructions stored on a computer readable storage medium to implement the following acts:
receiving a structured query language (SQL) statement, wherein the SQL statement includes actual grammar associated with the SQL statement and explicit user specified parameters;
separating the explicit user specified parameters from the actual grammar associated with the SQL statement; and
mitigating parsing errors by replacing the explicit user specified parameters with fuzz values created within an SQL server, wherein the fuzz values created within the SQL server maintain conformance to syntactically correct SQL statements.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. A computer-readable storage medium comprising:
computer-readable instructions, the computer-readable instructions including instructions for causing at least one processor to perform the following acts:
receiving a structured query language (SQL) statement, wherein the SQL statement includes actual grammar associated with the SQL statement and explicit user specified parameters;
separating the explicit user specified parameters from the actual grammar associated with the SQL statement; and
mitigating parsing errors by replacing the explicit user specified parameters with fuzz values created within an SQL server, wherein the fuzz values created within the SQL server maintain conformance to syntactically correct SQL statements.
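The parsing step that claims 1, 9 and 19 describe (separate the explicit user specified parameters from the statement grammar, then substitute fuzz values that keep the statement syntactically well-formed), as an added stand-alone Python illustration. It is not the patent's in-server implementation; its simplified SQL tokenizer, the `NUMBER_FUZZ` and `STRING_FUZZ` candidate lists and the sample statement are constructed for this example.

```python
import random
import re

# Constructed tokenizer for a simplified SQL dialect: string literals ('' is the
# escaped quote), numeric literals, identifiers/keywords, whitespace, and any
# other single character (operators, commas, parentheses).
TOKEN_RE = re.compile(
    r"'(?:[^']|'')*'|\d+(?:\.\d+)?|[A-Za-z_][A-Za-z_0-9.]*|\s+|[\s\S]"
)
NUMBER_RE = re.compile(r"\d+(?:\.\d+)?")

# Type-conforming fuzz values (constructed): numeric candidates still lex as
# numeric literals; string candidates are re-quoted with '' escaping.
NUMBER_FUZZ = ["0", "2147483648", "9223372036854775808", "1" + "0" * 40, "0.0"]
STRING_FUZZ = ["", "A" * 4096, "it's", "%_", "\u00e9\u4e2d", "'" * 3]

def split_statement(sql):
    """Separate explicit literal parameters from the statement grammar.
    Returns (template, params): template is the token list with each literal
    replaced by an integer slot index; params holds (kind, value) per slot."""
    template, params = [], []
    for tok in TOKEN_RE.findall(sql):
        if len(tok) > 1 and tok.startswith("'"):
            params.append(("string", tok[1:-1].replace("''", "'")))
            template.append(len(params) - 1)
        elif NUMBER_RE.fullmatch(tok):
            params.append(("number", tok))
            template.append(len(params) - 1)
        else:
            template.append(tok)
    return template, params

def grammar_of(template):
    """The grammar skeleton: every token that is not a parameter slot."""
    return [t for t in template if not isinstance(t, int)]

def fuzz_value(kind, rng):
    """Pick a replacement of the same literal kind, so the output still lexes."""
    if kind == "number":
        return rng.choice(NUMBER_FUZZ)
    return "'" + rng.choice(STRING_FUZZ).replace("'", "''") + "'"

def fuzz_statement(sql, seed=0):
    """Replace every literal parameter with a fuzz value of the same kind; the
    grammar tokens are emitted unchanged."""
    rng = random.Random(seed)
    template, params = split_statement(sql)
    values = [fuzz_value(kind, rng) for kind, _ in params]
    return "".join(values[t] if isinstance(t, int) else t for t in template)
```

Because each replacement keeps the literal's kind and quoting, re-tokenizing the output yields the same grammar skeleton, which is the conformance property the claims rely on; a full implementation would take the literal types from the server's own parser rather than a regex.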