SAP SE
Robust and transparent persistence of taint information to enable detection and mitigation of injection attacks

Abstract:

Methods, systems, and computer-readable storage media for receiving, by a database connector having a taint extension, a SQL request from an application, sending, by the taint extension, the SQL request to a SQL parser, receiving, by the taint extension, a structural representation of the SQL request from the SQL parser, adding, by the taint extension, taint information corresponding to data within the SQL request to provide an enhanced SQL statement, and transmitting, by the database connector, the enhanced SQL statement to a database for storing the taint information with the data.