Mechanism to detect and analyze SQL injection threats
Abstract
A vulnerability analysis tool is provided for identifying SQL injection threats. The tool is able to take advantage of the fact that the code for many database applications is located in modules stored within a database. The tool constructs a data flow graph based on all, or a specified subset, of the application code within the database. The tool identifies, within the data flow graph, the nodes that represent values used to construct SQL commands. Paths to those nodes are analyzed to determine whether any SQL injection threats exist.
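The analysis outlined in the abstract, as an added illustration that is not taken from the patent or any implementation of it. It assumes a PL/SQL-like stored module in which `EXECUTE IMMEDIATE` marks a command-formation value-holder and `IN` parameters are the caller-supplied sources; the sample module and the names `build_graph` and `tainted_paths` are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed PL/SQL-like module, for illustration only.
SAMPLE = """
PROCEDURE find_emp(p_name IN VARCHAR2, p_dept IN NUMBER) IS
  v_where := 'name = ''' || p_name || '''';
  v_sql := 'SELECT * FROM emp WHERE ' || v_where;
  v_audit := 'SELECT COUNT(*) FROM audit_log';
  EXECUTE IMMEDIATE v_sql;
  EXECUTE IMMEDIATE v_audit;
"""

LITERAL = re.compile(r"'(?:[^']|'')*'")   # string literal, '' is an escaped quote
IDENT = re.compile(r"[A-Za-z_]\w*")

def build_graph(code):
    """Return (edges, params, sinks); edges[t] holds the value-holders flowing into t."""
    edges, params, sinks = defaultdict(set), set(), set()
    for line in code.splitlines():
        # Drop literals first so words inside strings are not taken for identifiers.
        line = LITERAL.sub("", line).strip().rstrip(";")
        if line.upper().startswith("PROCEDURE"):
            params |= set(re.findall(r"(\w+)\s+IN\b", line, re.I))
        elif line.upper().startswith("EXECUTE IMMEDIATE"):
            sinks |= set(IDENT.findall(line[len("EXECUTE IMMEDIATE"):]))
        elif ":=" in line:
            target, expr = line.split(":=", 1)
            edges[target.strip()] |= set(IDENT.findall(expr))
    return edges, params, sinks

def tainted_paths(edges, params, sinks):
    """Walk backwards from each command-formation node to caller-supplied parameters."""
    found = []
    def walk(node, path):
        if node in params:
            found.append(path[::-1])      # report the path in source-to-sink order
        for src in sorted(edges.get(node, ())):
            if src not in path:           # guard against cycles in the graph
                walk(src, path + [src])
    for sink in sorted(sinks):
        walk(sink, [sink])
    return found

if __name__ == "__main__":
    for p in tainted_paths(*build_graph(SAMPLE)):
        print(" -> ".join(p))
```

Every reported path is a candidate site for review, not a confirmed injection: this sketch does not model validation or bind variables along the path.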
62 Citations
46 Claims
1. A method for detecting vulnerable sites within a database application, the method comprising:
- constructing, within a memory of a computer system, a data flow graph that reflects data flow between the value-holders that are referred to in at least a portion of the code of the database application;
- automatically identifying, in the data flow graph, a set of command-formation nodes that correspond to value-holders whose values are used to form database commands that the database application may submit to a database server when the database application is executed; and
- generating output, based on the data flow graph and the identified set of command-formation nodes, for use in detecting vulnerable sites within the application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44

22. An analysis tool for performing an analysis based on code of one or more applications, the analysis tool being configured to:
- read, from a database, dependency model metadata;
- based on the dependency model metadata, select for the analysis one or more code modules contained within the database;
- read the one or more code modules from the database; and
- perform the analysis based on code contained in the one or more code modules.
Dependent claims: 23, 45, 46
Specification