| CPC G06F 21/51 (2013.01) [G06F 2221/033 (2013.01)] | 20 Claims |
|
1. A computing system comprising:
one or more processors; and
one or more computer-readable media having thereon computer-executable instructions that are structured such that, when executed by the one or more processors, the computing system would be configured process an incoming query targeted to a data store, the query processing component recognizing syntax that is valid for use in executing queries against the data store, the computing system being configured to process the incoming query by being configured to perform the following upon detecting receipt of the incoming query:
1) determining whether the received incoming query is structured in a first valid syntax in accordance with a query language, and,
when the received incoming query is structured in the first valid syntax in accordance with a query language,
2) determining whether the received incoming query has at least a portion that is structured in the first valid syntax in accordance with the query language but is not structured in a second valid syntax that can be recognized by the data store, the second valid syntax being different than the first valid syntax; and
in response to determining, when both the syntax of the incoming query is valid for the query language and the at least a portion of the incoming query comprises syntax that is structured in the first valid syntax in accordance with the query language but is not structured in the second valid syntax that can be recognized by the data store, then generating an alert data structure that represents an alert that the received incoming query is suspected to be a code injection attack on the data store.
|