Abstract: Systems and methods for analyzing SQL queries for constraint violations for injection attacks. Tokenizing a SQL query generates a token stream. A parse tree is constructed by iterating over lexical nodes of the token stream. The parse tree is compared to a SQL schema and access configuration for a database in order to analyze the SQL query for constraint violations. Evaluation flaws are also detected. A step-wise, bottom-up approach is employed to walk through the parse tree to detect types and to ascertain from those types whether the condition for SQL execution is static or dynamic. SQL request security engine logic refers to predetermined protective action data and takes the particular type of action specified by the predetermined protective action data. Security is further enhanced by limiting service of requests to requests of one or more specific, accepted data types. Each request is parsed into individual data elements, each an associated key-value pair.

Abstract: Methods and apparatuses for detecting an evaluation flaw in a SQL query, the SQL query configured to access data in a database table are disclosed. The method includes creating a parse tree from the SQL query and evaluating the parse tree to ascertain whether a condition of the SQL query results in a type or value that is independent of contents of the database table. For type evaluation, if, responsive to the evaluating, the condition is found, designating the SQL query at risk for having the tautology in the SQL query. For value evaluation, if, responsive to the evaluating, the condition is found, determining whether the condition is always true or whether the condition is always false; and if, responsive to the determining, the condition is found to be always true or always false, designating the SQL query at risk for having the evaluation flaw in the SQL query.

Abstract: Methods and apparatuses for detecting an evaluation flaw in a SQL query, the SQL query configured to access data in a database table are disclosed. The method includes creating a parse tree from the SQL query and evaluating the parse tree to ascertain whether a condition of the SQL query results in a type or value that is independent of contents of the database table. For type evaluation, if, responsive to the evaluating, the condition is found, designating the SQL query at risk for having the tautology in the SQL query. For value evaluation, if, responsive to the evaluating, the condition is found, determining whether the condition is always true or whether the condition is always false; and if, responsive to the determining, the condition is found to be always true or always false, designating the SQL query at risk for having the evaluation flaw in the SQL query.

Abstract: The present invention relates to systems and methods for statistical caching. Inputs are captured via an appropriate network protocol. The input includes statistical data and a corresponding cache key. The values for each cache key within a cache are compacted using the input. The compacting involves determining if the corresponding cache key is already set within the cache, and if the cache key is present, aggregating the statistical data with the value stored within the cache to generate an updated value. The updated cache may be periodically synchronized with a final data store. Additionally, each operation performed by the statistical cache may be recorded in a transaction log for fault tolerance.

Abstract: The present invention relates to systems and methods for analyzing SQL queries for constraint violations, which may indicate injection attacks. The systems and methods tokenize a SQL query to generate a token stream. Next, lexical nodes are generated by iterating over the token stream. Then, a parse tree can be constructed by iterating over the lexical nodes. The parse tree may be compared to a SQL schema and access configuration for a database in order to analyze the SQL query for constraint violations, including determining the number of queries in the parse tree, identifying invalid fields and table access, identifying invalid field type comparisons and pattern matches, and identifying early statement termination.

Abstract: The present invention relates to systems and methods for the tokenization of user-generated content in order to prevent attacks on the user-generated content. The systems and methods initially pre-process the user-generated content string utilizing a secondary input of target language. Pre-processing may also include initialization of finite state machines, token markers and string buffers (text, HTML tag name, HTML attribute name, HTML attribute value, CSS selector, CSS property name, and CSS property value). The user-generated content string is scanned by rune, and the system sends each rune to a specific buffer based upon signaling by individual finite state machine states. Buffers are then converted to token stream nodes to be inserted into the token stream. The tokens represent a string of characters and are symbolically categorized according to activated finite state machine states.

Abstract: The present invention relates to systems and methods for parsing of a token stream for user generated content in order to prevent attacks on the user generated content. The systems and methods include a database which stores one or more whitelists, and a parser. The parser removes tokens from the token stream by comparing the tokens against the whitelist. Next, the parser validates CSS property values, encodes data within attribute values and text nodes, reconciles closing HTML tags, and coerces media tags into safe variants. The tokens removed may be any of HTML tags, HTML attributes, HTML protocols, CSS selectors and CSS properties.