Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.