The field of the disclosure relates generally to validating input data in a computing system and, more specifically, to methods and systems for use in selectively validating input data based on the presence of a pattern in the input data.
At least some known computing systems allow a client system to submit input data associated with a request, generate a query based on the input data, and execute the query in a database to provide a response to the client system. However, in such systems, a malicious user may execute an attack by submitting input data that “injects” executable code into the system, such as by including special characters and/or strings that manipulate the function of the system in the input data.
To prevent a code injection attack, at least some known computing systems validate input data and/or a query prior to executing such query in a database. However, by performing such validation each time input data is received, known validation methods may significantly increase computing resource (e.g., processor) utilization and/or introduce latency into the computing system. Computing resource utilization may be reduced by implementing relatively simple validation rules, but such simplification may produce unacceptable rates of false negative results (e.g., a failure to detect invalid input data) and/or false positive results (e.g., an erroneous identification of valid input data as invalid).
In addition, modifying a software application to prevent code injection attacks generally requires modification of the source code of the software application. In some scenarios, such as when using a proprietary software application or a legacy software application for which source code is no longer available, such modification may be infeasible or impossible.