CN107145786A - Security testing system and method based on database injection testing


Info

Publication number
CN107145786A
CN107145786A
Authority
CN
China
Prior art keywords
information
module
database
client
operation system
Prior art date
Legal status
Pending
Application number
CN201710323965.8A
Other languages
Chinese (zh)
Inventor
丁锐
常清雪
师洛蓓
Current Assignee
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date
2017-05-08
Filing date
2017-05-08
Publication date
2017-09-08

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F 2221/034 Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a security testing system and method based on database injection testing. The system comprises a cloud-side defended business system and several clients; each client communicates with the cloud-side defended business system over the network and contains a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module. Inside the client there is a business system under test, which issues request messages; each request message carries response data and traffic-flow information. The cloud-side defended business system is the target of the database injection test. During cloud-side database injection testing, the invention can quickly and automatically enumerate database injection construction methods of multiple types and encodings, eliminating manual judgement of the database filtering mechanism and achieving efficient, agile and accurate security testing.

Description

Security testing system and method based on database injection testing
Technical field
The present invention relates to the field of computer software and information technology, and in particular to a security testing system and method based on database injection testing.
Background technology
With the development of networks and computer software information technology, network security receives ever more attention, and the associated security testing is becoming indispensable. In security testing, database injection testing is a frequently used security detection method: the tester simulates an attacker to check whether the tested website places user-submitted parameters directly into executed SQL statements without filtering, so that special characters in a parameter break the original logic of the SQL statement and an attacker can use the flaw to execute arbitrary SQL; the result is used to raise the security level of the tested website. However, many cloud-side business systems have deployed a WAF or data-validation code in the cloud. Because the WAF or the cloud-side security code filters many common special characters, the specially constructed database injection statements cannot be parsed correctly, the cloud-side business system cannot generate a database statement that is submitted to the back-end database and executed legally, and the database injection test fails. Current database injection test statements either supply only basic special characters or only simple database construction statements, so they can only test business systems that have no WAF and no database filtering mechanism; many of these statements are too simple and add to the time needed for security testing. Taking the currently popular database injection tools D and Ming boy as examples, the database injection test statements are only simple single quotation marks, "and", "or" and similar; because of the WAF these common special words are escaped, and the database statement finally generated by the cloud-side business system cannot be executed legally after it is submitted to the database. This limits database injection testing and brings much inconvenience to security testing work. There is therefore a need for an efficient database injection construction means that automatically determines the filtering method and continues the injection, so that security testing can perform database injection testing of a target website more simply, faster and more effectively.
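The Background describes the root cause (a user parameter placed directly into the SQL text) and the character-filtering defence that the patent's system is built to probe. The following example is added here and is not part of the patent; it contrasts the concatenated query with a quote-and-keyword filter of the kind the page attributes to a WAF, and with a parameterised query, using a constructed in-memory SQLite table (all names, passwords and values are constructed).

```python
import re
import sqlite3

# Constructed sample data (not from the patent): a tiny user table kept in memory.
USERS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
    ("o'brien", "pa55"),          # legitimate value containing a single quote
    ("ann", "salt and pepper"),   # legitimate value containing the keyword "and"
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_concat(conn, name, password):
    """Vulnerable pattern from the Background: the user-supplied parameter is placed
    directly into the SQL text, so special characters change the statement's logic."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def scrub(value):
    """Character filter of the kind the page attributes to a WAF or cloud-side
    validation code: double single quotes and strip the keywords 'and' / 'or'."""
    value = value.replace("'", "''")
    for keyword in ("and", "or"):
        value = re.sub(rf"\b{keyword}\b", "", value, flags=re.IGNORECASE)
    return value


def login_filtered(conn, name, password):
    """Filter-then-concatenate: the defence the patent's system is designed to probe.
    It blocks the textbook probe but still treats input as SQL text underneath."""
    return login_concat(conn, scrub(name), scrub(password))


def login_param(conn, name, password):
    """Hardened form: a parameterised query. Values are bound as data and never
    parsed as SQL, so neither quoting nor keyword filtering is needed."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo():
    """Run the three variants against the same inputs and return the results."""
    conn = make_db()
    probe = "' OR '1'='1"   # the single-quote / OR probe the Background mentions
    return {
        "concat_probe": login_concat(conn, "x", probe),      # every user: logic broken
        "filtered_probe": login_filtered(conn, "x", probe),  # []: probe blocked
        "param_probe": login_param(conn, "x", probe),        # []: bound as data
        "filtered_quote": login_filtered(conn, "o'brien", "pa55"),           # quote survives
        "filtered_keyword": login_filtered(conn, "ann", "salt and pepper"),  # legit user rejected
        "param_keyword": login_param(conn, "ann", "salt and pepper"),        # ['ann']
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:18} -> {rows}")
```

The keyword filter illustrates the trade-off behind the WAF discussion: it rejects a legitimate password containing "and", while only the parameterised query is both correct for ordinary data and independent of how the input is encoded.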
Summary of the invention
In view of the shortcomings of the prior art, the object of the invention is to provide a security testing system and method based on database injection testing that can quickly and automatically enumerate database injection construction methods of multiple types and encodings, eliminating manual judgement of the database filtering mechanism and achieving efficient, agile and accurate security testing.
The object of the invention is achieved through the following technical solutions:
A security testing system based on database injection testing comprises a cloud-side defended business system and several clients. Each client communicates with the cloud-side defended business system over the network and contains a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module. Inside the client there is a business system under test, which issues request messages; each request message carries response data and traffic-flow information. The cloud-side defended business system is the target of the database injection test.
The response monitoring module monitors the response data of request messages from the front end of the business system under test, manages information transfer on the network, and judges and captures traffic-flow information.
The message identification module judges whether the cloud-side response information in the traffic-flow information captured by the response monitoring module shows database injection filtering behaviour; if it does, the traffic-flow information is passed to the information collection module, otherwise no action is taken.
The information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering; the specific parameter information includes special characters and specific database injection construction statements.
The information construction module receives the specific parameter information sent by the information collection module, analyses and processes it, generates a new database injection statement, and passes that statement in a specific manner to the information sending module.
The information sending module checks the syntax of the database injection statement obtained from the information construction module. If the syntax of the new database injection statement is legal, the statement is submitted directly to the cloud-side defended business system for database injection testing; otherwise the information sending module passes the statement back to the information construction module and waits for it to generate a new database injection statement.
To better realise the security testing system of the invention, the client is installed in or integrated into the target under test in the form of a software development kit (SDK); the target under test includes websites, servers, terminal devices or application software.
A security detection method based on database injection testing uses the security testing system described above, which comprises a cloud-side defended business system and several clients; each client communicates with the cloud-side defended business system over the network and contains a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module. The method proceeds as follows:
A. Inside the client there is a business system under test, which issues request messages; each request message carries response data and traffic-flow information. The client is connected to the cloud-side defended business system, and there is at least one client.
B. The client is installed in or integrated into the target under test in the form of a software development kit (SDK). The client's response monitoring module monitors the data flow of the target's network state, manages information transfer on the target's network, and judges and captures traffic-flow information; the target under test includes at least websites, servers, terminal devices and application software. The client's message identification module judges whether the message requests in the captured traffic-flow information show database injection filtering behaviour; if so, proceed to step C, otherwise take no action.
C. The client's information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering and sends it to the information construction module; the specific parameter information includes at least special characters and specific database injection construction statements.
D. The client's information construction module receives the specific parameter information sent by the information collection module, analyses and processes it, generates a new database injection statement in a specific manner, and passes that statement to the information sending module.
E. The client's information sending module checks the syntax of the database injection statement obtained from the information construction module. If the syntax of the new database injection statement is legal, the statement is submitted directly to the cloud-side defended business system for database injection testing; otherwise return to step D.
In the security detection method, a connection is first established between the client and the cloud-side defended business system. Next, the response monitoring module monitors the data flow of the network state of the defended target, judges and captures traffic-flow information, and sends it to the message identification module. The message identification module judges whether the cloud-side response information in the captured traffic-flow information shows database injection filtering behaviour and, if so, passes the traffic-flow information to the information collection module. The information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering and sends it to the information construction module. The information construction module analyses and processes the specific parameter information received from the information collection module, generates a new database injection statement (for example in a new encoding format), and passes it in a specific manner to the information sending module. Finally, the information sending module checks the syntax of the database statement obtained from the information construction module; if the syntax of the new statement is legal it is submitted directly to the cloud for database injection testing, otherwise the information sending module passes the statement back to the information construction module and waits for it to generate a new statement.
Compared with the prior art, the invention has the following advantages and beneficial effects:
The invention monitors the database injection responses of the tested target and automatically constructs new database injection test statements from the response information. In cloud-side database injection testing it can quickly and automatically enumerate database injection construction methods of multiple types and encodings, eliminating manual judgement of the database filtering mechanism and achieving efficient, agile and accurate security testing.
Brief description of the drawings
Fig. 1 is a block diagram of the principal structure of the invention.
Detailed description
The invention is described in further detail below with reference to an embodiment:
Embodiment
As shown in Fig. 1, a security testing system based on database injection testing comprises a cloud-side defended business system and several clients. Each client communicates with the cloud-side defended business system over the network and contains a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module. Inside the client there is a business system under test, which issues request messages; each request message carries response data and traffic-flow information. The cloud-side defended business system is the target of the database injection test. The client is installed in or integrated into the target under test in the form of a software development kit (SDK); the target under test includes websites, servers, terminal devices or application software.
The response monitoring module monitors the response data of request messages from the front end of the business system under test, manages information transfer on the network, and judges and captures traffic-flow information.
The message identification module judges whether the cloud-side response information in the traffic-flow information captured by the response monitoring module shows database injection filtering behaviour; if it does, the traffic-flow information is passed to the information collection module, otherwise no action is taken.
The information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering; the specific parameter information includes special characters and specific database injection construction statements.
The information construction module receives the specific parameter information sent by the information collection module, analyses and processes it, generates a new database injection statement, and passes that statement in a specific manner to the information sending module.
The information sending module checks the syntax of the database injection statement obtained from the information construction module. If the syntax of the new database injection statement is legal, the statement is submitted directly to the cloud-side defended business system for database injection testing; otherwise the information sending module passes the statement back to the information construction module and waits for it to generate a new database injection statement.
The invention captures and analyses the response traffic of the target under test. When database injection filtering behaviour is found, it collects the specific parameter information in the data flow, for example special characters and database injection construction statement information, and reconstructs the statement according to the special characters and construction statement information collected (for example by substituting "and", single quotation marks and the like with other encoding formats). After the reconstructed statement is submitted to the cloud, the cloud-side business system, lacking the corresponding filtering mechanism, is subject to a database injection attack, so that the database injection test succeeds. In this way the filtering mechanism of database injection is automatically judged and bypassed, improving the security of the website and the effectiveness of security testing.
A security detection method based on database injection testing uses the security testing system described above, which comprises a cloud-side defended business system and several clients; each client communicates with the cloud-side defended business system over the network and contains a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module. The method proceeds as follows:
A. Inside the client there is a business system under test, which issues request messages; each request message carries response data and traffic-flow information. The client is connected to the cloud-side defended business system, and there is at least one client. To ensure that the database injection filtering rules of the tested target can be automatically judged and bypassed for multiple users or terminals at the same time, in this embodiment there may be one or several clients, the number depending on the users or terminals. In this embodiment the client is installed in or integrated into the target under test in the form of an SDK, but in practical applications it may be installed or integrated in other ways, which are not described here. The tested target includes at least websites, servers, terminal devices and application software.
B. The client is installed in or integrated into the target under test in the form of a software development kit (SDK). The client's response monitoring module monitors the data flow of the target's network state, manages information transfer on the target's network, and judges and captures traffic-flow information; the target under test includes at least websites, servers, terminal devices and application software. The client's message identification module judges whether the message requests in the captured traffic-flow information show database injection filtering behaviour; if so, proceed to step C, otherwise take no action.
C. The client's information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering and sends it to the information construction module; the specific parameter information includes at least special characters and specific database injection construction statements.
D. The client's information construction module receives the specific parameter information sent by the information collection module, analyses and processes it, generates a new database injection statement in a specific manner, and passes that statement to the information sending module.
E. The client's information sending module checks the syntax of the database injection statement obtained from the information construction module. If the syntax of the new database injection statement is legal, the statement is submitted directly to the cloud-side defended business system for database injection testing; otherwise return to step D.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall be included in the scope of protection.

Claims (4)

1. A security testing system based on database injection testing, characterised in that it comprises a cloud-side defended business system and several clients; each client communicates with the cloud-side defended business system over the network and contains a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module; inside the client there is a business system under test, which issues request messages, each request message carrying response data and traffic-flow information; and the cloud-side defended business system is the target of the database injection test;
the response monitoring module monitors the response data of request messages from the front end of the business system under test, manages information transfer on the network, and judges and captures traffic-flow information;
the message identification module judges whether the cloud-side response information in the traffic-flow information captured by the response monitoring module shows database injection filtering behaviour, passes the traffic-flow information to the information collection module if it does, and otherwise takes no action;
the information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering, the specific parameter information including special characters and specific database injection construction statements;
the information construction module receives the specific parameter information sent by the information collection module, analyses and processes it, generates a new database injection statement, and passes that statement in a specific manner to the information sending module;
the information sending module checks the syntax of the database injection statement obtained from the information construction module; if the syntax of the new database injection statement is legal, the statement is submitted directly to the cloud-side defended business system for database injection testing; otherwise the information sending module passes the statement back to the information construction module and waits for it to generate a new database injection statement.
2. The security testing system based on database injection testing according to claim 1, characterised in that the client is installed in or integrated into the target under test in the form of a software development kit (SDK).
3. The security testing system based on database injection testing according to claim 2, characterised in that the target under test includes websites, servers, terminal devices or application software.
4. A security detection method based on database injection testing, characterised in that it uses a security testing system comprising a cloud-side defended business system and several clients, each client communicating with the cloud-side defended business system over the network and containing a response monitoring module, a message identification module, an information collection module, an information construction module and an information sending module; the method proceeds as follows:
A. inside the client there is a business system under test, which issues request messages, each request message carrying response data and traffic-flow information; the client is connected to the cloud-side defended business system, and there is at least one client;
B. the client is installed in or integrated into the target under test in the form of a software development kit (SDK); the client's response monitoring module monitors the data flow of the target's network state, manages information transfer on the target's network, and judges and captures traffic-flow information, the target under test including at least websites, servers, terminal devices and application software; the client's message identification module judges whether the message requests in the captured traffic-flow information show database injection filtering behaviour and, if so, proceeds to step C, otherwise takes no action;
C. the client's information collection module extracts from the traffic-flow information the specific parameter information about database injection filtering and sends it to the information construction module, the specific parameter information including at least special characters and specific database injection construction statements;
D. the client's information construction module receives the specific parameter information sent by the information collection module, analyses and processes it, generates a new database injection statement in a specific manner, and passes that statement to the information sending module;
E. the client's information sending module checks the syntax of the database injection statement obtained from the information construction module; if the syntax of the new database injection statement is legal, the statement is submitted directly to the cloud-side defended business system for database injection testing; otherwise the method returns to step D.
Priority Applications (1)

Application Number: CN201710323965.8A; Priority Date: 2017-05-08; Filing Date: 2017-05-08; Title: Security testing system and method based on database injection testing; Status: Pending

Publications (1)

Publication Number: CN107145786A; Publication Date: 2017-09-08

Family

ID=59776872

Country Status (1)

CN: CN107145786A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799830A (en) * 2012-08-06 2012-11-28 厦门市美亚柏科信息股份有限公司 Improved SQL (Structured Query Language) injection flaw detection method
WO2014110281A1 (en) * 2013-01-11 2014-07-17 Db Networks, Inc. Systems and methods for detecting and mitigating threats to a structured data storage system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨高明: "SQL注入漏洞检测系统", 《中国优秀硕士论文全文数据库》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540491A (en) * 2018-04-27 2018-09-14 四川长虹电器股份有限公司 Semi-automatic Permeation Test System based on drive sweep and method
CN108540491B (en) * 2018-04-27 2020-06-30 四川长虹电器股份有限公司 Semi-automatic penetration testing system and method based on passive scanning
CN109190368A (en) * 2018-08-19 2019-01-11 杭州安恒信息技术股份有限公司 A kind of SQL injection detection device and SQL injection detection method
CN110147328A (en) * 2019-05-24 2019-08-20 深圳市网心科技有限公司 A kind of database performance measurement method, system, electronic equipment and storage medium
CN111624462A (en) * 2020-04-23 2020-09-04 上海机电工程研究所 Weapon system PCB detection method, system, medium and equipment based on big data
CN111934949A (en) * 2020-07-23 2020-11-13 广东电网有限责任公司 Safety test system based on database injection test

Similar Documents

Publication Publication Date Title
CN107145786A (en) Security testing system and method based on database injection testing
CN110046073B (en) Log collection method and device, equipment and storage medium
EP2244418A1 (en) Database security monitoring method, device and system
CN105391729A (en) Web loophole automatic mining method based on fuzzy test
CN101605074A (en) Network-based method and system for monitoring Trojan horses by communication behaviour characteristics
CN108470003A (en) Fuzz testing methods, devices and systems
CN106228135A (en) The warning of a kind of identity-based identification/report danger method and system
CN102611713A (en) Entropy operation-based network intrusion detection method and device
CN103618652A (en) Audit and depth analysis system and audit and depth analysis method of business data
CN110008704B (en) Intelligent electronic information storage system for industrial management
CN109005162B (en) Industrial control system security audit method and device
CN103701783A (en) Preprocessing unit, data processing system consisting of same, and processing method
CN102882748A (en) Network access detection system and network access detection method
CN115021997B (en) Network intrusion detection system based on machine learning
CN107122658A (en) Database system of defense and method with autolearn feature
CN106209902A (en) A kind of network safety system being applied to intellectual property operation platform and detection method
CN110460611A (en) Full flow attack detecting technology based on machine learning
CN106453256A (en) Password feature library system with automatic learning function and learning method thereof
CN115150182A (en) Information system network attack detection method based on flow analysis
CN105379304B (en) Data network management system, data network management device, data processing equipment and data network management method
CN108763916B (en) Service interface security assessment method and device
CN110460575A (en) One kind can be realized security audit functional network Security Situation Awareness Systems
CN111666193A (en) Method and system for monitoring and testing terminal function based on real-time log analysis
CN114124759A (en) Evaluation method and device for distributed system, electronic equipment and storage medium
CN102769607B (en) Malicious code detecting method and system based on network packet

Legal Events

Date Code Title Description
PB01 Publication (application publication date: 20170908)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication