CN105072095B - 一种检测sql注入漏洞的方法及装置 - Google Patents
一种检测sql注入漏洞的方法及装置 Download PDFInfo
- Publication number
- CN105072095B CN105072095B CN201510428942.4A CN201510428942A CN105072095B CN 105072095 B CN105072095 B CN 105072095B CN 201510428942 A CN201510428942 A CN 201510428942A CN 105072095 B CN105072095 B CN 105072095B
- Authority
- CN
- China
- Prior art keywords
- attack
- delay
- sql
- vector
- matrix
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510428942.4A CN105072095B (zh) | 2015-07-20 | 2015-07-20 | 一种检测sql注入漏洞的方法及装置 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510428942.4A CN105072095B (zh) | 2015-07-20 | 2015-07-20 | 一种检测sql注入漏洞的方法及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105072095A CN105072095A (zh) | 2015-11-18 |
CN105072095B true CN105072095B (zh) | 2019-03-26 |
Family
ID=54501378
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510428942.4A Active CN105072095B (zh) | 2015-07-20 | 2015-07-20 | 一种检测sql注入漏洞的方法及装置 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105072095B (zh) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107122665B (zh) * | 2016-02-25 | 2019-08-13 | 腾讯科技(深圳)有限公司 | 漏洞检测方法以及漏洞检测装置 |
CN106407803B (zh) * | 2016-08-30 | 2019-06-14 | 北京奇虎科技有限公司 | Sql注入漏洞的检测方法及装置 |
CN106503553B (zh) * | 2016-09-29 | 2019-07-30 | 北京知道未来信息技术有限公司 | 一种无回显的远程命令执行漏洞的验证方法 |
CN106790195B (zh) * | 2016-12-30 | 2019-11-19 | 北京神州绿盟信息安全科技股份有限公司 | 一种sql注入检测方法及装置 |
CN108509792A (zh) * | 2017-02-23 | 2018-09-07 | 腾讯科技(深圳)有限公司 | 一种注入漏洞检测方法及装置 |
CN107294953B (zh) * | 2017-05-18 | 2020-04-28 | 深信服科技股份有限公司 | 攻击操作检测方法及装置 |
CN107707547A (zh) * | 2017-09-29 | 2018-02-16 | 北京神州绿盟信息安全科技股份有限公司 | 一种DDoS攻击的检测方法及设备 |
CN108616527A (zh) * | 2018-04-16 | 2018-10-02 | 贵州大学 | 一种面向sql注入漏洞挖掘方法和装置 |
CN109657472B (zh) * | 2018-10-11 | 2023-09-22 | 平安科技(深圳)有限公司 | Sql注入漏洞检测方法、装置、设备及可读存储介质 |
CN110363008B (zh) * | 2019-07-11 | 2021-08-06 | 北京长亭未来科技有限公司 | 一种sql时间盲注的漏洞检测方法、装置和存储设备 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101312393A (zh) * | 2007-05-24 | 2008-11-26 | 北京启明星辰信息技术有限公司 | 一种sql注入漏洞检测方法及系统 |
US8225402B1 (en) * | 2008-04-09 | 2012-07-17 | Amir Averbuch | Anomaly-based detection of SQL injection attacks |
CN102831345A (zh) * | 2012-07-30 | 2012-12-19 | 西北工业大学 | Sql注入漏洞检测中的注入点提取方法 |
CN103077348A (zh) * | 2012-12-28 | 2013-05-01 | 华为技术有限公司 | 一种Web站点漏洞扫描方法和装置 |
US8631497B1 (en) * | 2007-02-01 | 2014-01-14 | Mcafee, Inc. | Systems and methods for automating blind detection of computational vulnerabilities |
CN103902912A (zh) * | 2012-12-26 | 2014-07-02 | 深圳市腾讯计算机系统有限公司 | 网页漏洞的检测方法和装置 |
-
2015
- 2015-07-20 CN CN201510428942.4A patent/CN105072095B/zh active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8631497B1 (en) * | 2007-02-01 | 2014-01-14 | Mcafee, Inc. | Systems and methods for automating blind detection of computational vulnerabilities |
CN101312393A (zh) * | 2007-05-24 | 2008-11-26 | 北京启明星辰信息技术有限公司 | 一种sql注入漏洞检测方法及系统 |
US8225402B1 (en) * | 2008-04-09 | 2012-07-17 | Amir Averbuch | Anomaly-based detection of SQL injection attacks |
CN102831345A (zh) * | 2012-07-30 | 2012-12-19 | 西北工业大学 | Sql注入漏洞检测中的注入点提取方法 |
CN103902912A (zh) * | 2012-12-26 | 2014-07-02 | 深圳市腾讯计算机系统有限公司 | 网页漏洞的检测方法和装置 |
CN103077348A (zh) * | 2012-12-28 | 2013-05-01 | 华为技术有限公司 | 一种Web站点漏洞扫描方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
CN105072095A (zh) | 2015-11-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105072095B (zh) | 一种检测sql注入漏洞的方法及装置 | |
JP4901179B2 (ja) | 時限式実行可能エージェントを使用したソフトウェア保全性保護のための方法および装置 | |
US11258818B2 (en) | Method and system for generating stateful attacks | |
CN110121876A (zh) | 用于通过使用行为分析检测恶意设备的系统和方法 | |
JP6557774B2 (ja) | プロセストレースを用いたグラフベースの侵入検知 | |
CN110505241A (zh) | 一种网络攻击面检测方法及系统 | |
Hobson et al. | On the challenges of effective movement | |
US20110154487A1 (en) | Software behavior modeling device, software behavior modeling method, software behavior verification device, and software behavior verification method | |
Schneider et al. | Online model-based behavioral fuzzing | |
Almeida et al. | Benchmarking the resilience of self-adaptive software systems: perspectives and challenges | |
CN108234441B (zh) | 确定伪造访问请求的方法、装置、电子设备和存储介质 | |
Beraud et al. | Cyber defense network maneuver commander | |
Freitas et al. | D2M: Dynamic defense and modeling of adversarial movement in networks | |
US20190294803A1 (en) | Evaluation device, security product evaluation method, and computer readable medium | |
Anderson et al. | Parameterizing moving target defenses | |
CN108616527A (zh) | 一种面向sql注入漏洞挖掘方法和装置 | |
CN109302433A (zh) | 远程命令执行漏洞的检测方法、装置、设备及存储介质 | |
CN109960940B (zh) | 一种基于日志的嵌入式设备控制流证明方法及系统 | |
Samir et al. | A Self-Configuration Controller To Detect, Identify, and Recover Misconfiguration at IoT Edge Devices and Containerized Cluster System. | |
Sukhwani et al. | A survey of anomaly detection techniques and hidden markov model | |
Zhao et al. | Applying chaos theory for runtime hardware Trojan detection | |
Kadron et al. | Feedback-driven side-channel analysis for networked applications | |
Niu et al. | A framework for joint attack detection and control under false data injection | |
US11909754B2 (en) | Security assessment system | |
Wang et al. | A model-based behavioral fuzzing approach for network service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20200317 Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Co-patentee after: NSFOCUS TECHNOLOGIES Inc. Patentee after: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Co-patentee after: Shenzhou Lvmeng Chengdu Technology Co.,Ltd. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Co-patentee before: NSFOCUS TECHNOLOGIES Inc. Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
CP01 | Change in the name or title of a patent holder |
Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee after: NSFOCUS Technologies Group Co.,Ltd. Patentee after: NSFOCUS TECHNOLOGIES Inc. Patentee after: Shenzhou Lvmeng Chengdu Technology Co.,Ltd. Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Patentee before: NSFOCUS TECHNOLOGIES Inc. Patentee before: Shenzhou Lvmeng Chengdu Technology Co.,Ltd. |
|
CP01 | Change in the name or title of a patent holder |