Abstract: A web application receives a user input with a SQL injection attack string that references a function. The application generates a corresponding statement based on the user input string, which the application sends to a database server. Upon receiving the statement, the database server executes the statement that invokes the referenced function. When invoked, the referenced function stores a value. The presence of the stored value indicates that the database server invoked the function. Storing the value indicative of the function invocation identifies a vulnerability of the web application to SQL injection attacks, since the function reference is introduced solely through user input and function invocation is not intended by the application. This provides proof of SQL injection vulnerability of the application.

Abstract: A web application receives a user input with a SQL injection attack string that references a function. The application generates a corresponding statement based on the user input string, which the application sends to a database server. Upon receiving the statement, the database server executes the statement that invokes the referenced function. When invoked, the referenced function stores a value. The presence of the stored value indicates that the database server invoked the function. Storing the value indicative of the function invocation identifies a vulnerability of the web application to SQL injection attacks, since the function reference is introduced solely through user input and function invocation is not intended by the application. This provides proof of SQL injection vulnerability of the application.

Abstract: A computer derives, from a current measurement of an attribute of a system, an instantaneous severity score based on a probability model that is determined from prior measurements. The computer then displays, for several successive moments in time, either the instantaneous severity score or an aggregated severity score obtained from a set of instantaneous severity scores (e.g. by averaging). Each set of scores to be aggregated may be identified by, e.g., a fixed-width time window located at a fixed offset from a moment in time at which the aggregated score is to be displayed. Aggregation suppresses or dampens momentary abnormalities, which would otherwise get displayed. In some embodiments, graphs for multiple categories of metrics are displayed on a single screen, aligned in time, to enable a human operator to form a visual correlation therebetween, e.g. to identify causes of atypical performance in the system.

Abstract: A computer is programmed to fit exponential models to upper percentile subsets of observed measurements for performance metrics collected as attributes of a computer system. The subsets are defined from sets chosen to reduce model bias due to expected variations in system performance, e.g. those resulting from temporal usage patterns induced by end users and/or workload scheduling. Measurement levels corresponding to high cumulative probability, indicative of likely performance anomalies, are extrapolated from the fitted models generated from measurements of lower cumulative probability. These levels are used to establish and to automatically set warning and alert thresholds which signal to (human) administrators when performance anomalies are observed.