DETECTING MALICIOUS OBFUSCATION IN A SQL STATEMENT BASED ON AN EFFECT AND/OR PROCESSED VERSION THEREOF
Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A de...
Gespeichert in:
Hauptverfasser: | , , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | Techniques are described herein that are capable of detecting malicious obfuscation in a SQL statement based at least in part on an effect and/or processed version of the SQL statement. In a first example, a raw version of a SQL statement is compared to a processed version of the SQL statement. A determination is made that a command in the processed version is not included in the raw version. The raw version is detected to be malicious based at least in part on the determination. In a second example, a SQL statement is bound to an event that results from execution of the SQL statement. Textual content of the SQL statement and an effect of the event are compared. The SQL statement is detected to be malicious based at least in part on the effect of the event not being indicated by the textual content. |
---|