CN106789926A - Multi-process automatic SQL injection batch scanning tool and method - Google Patents
Multi-process automatic SQL injection batch scanning tool and method Download PDFInfo
- Publication number
- CN106789926A CN106789926A CN201611064242.2A CN201611064242A CN106789926A CN 106789926 A CN106789926 A CN 106789926A CN 201611064242 A CN201611064242 A CN 201611064242A CN 106789926 A CN106789926 A CN 106789926A
- Authority
- CN
- China
- Prior art keywords
- scanning
- sql
- sql injection
- request
- batch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 101
- 238000002347 injection Methods 0.000 title claims abstract description 76
- 239000007924 injection Substances 0.000 title claims abstract description 76
- 230000008569 process Effects 0.000 claims abstract description 53
- 238000009826 distribution Methods 0.000 claims abstract description 18
- 238000012360 testing method Methods 0.000 claims abstract description 11
- 238000001514 detection method Methods 0.000 claims abstract description 5
- 238000012545 processing Methods 0.000 claims abstract description 5
- 235000014510 cooky Nutrition 0.000 claims description 9
- 238000004801 process automation Methods 0.000 claims description 9
- 238000001764 infiltration Methods 0.000 claims description 8
- 230000008595 infiltration Effects 0.000 claims description 8
- 238000004321 preservation Methods 0.000 claims description 6
- 238000003860 storage Methods 0.000 claims description 5
- 230000035515 penetration Effects 0.000 claims description 4
- 230000008859 change Effects 0.000 claims description 3
- 230000004069 differentiation Effects 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 3
- 239000003292 glue Substances 0.000 claims description 3
- 238000002513 implantation Methods 0.000 claims description 3
- 238000005259 measurement Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 3
- 238000012216 screening Methods 0.000 claims description 3
- 238000000151 deposition Methods 0.000 claims 1
- 239000000463 material Substances 0.000 abstract description 2
- 230000003204 osmotic effect Effects 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000007689 inspection Methods 0.000 description 1
- 239000007788 liquid Substances 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention discloses a multi-process automatic SQL injection batch scanning tool and a method, comprising a request module, a distribution module and a summary module, wherein the request module is used for requesting the batch parameter processing of files; the distribution module is used for intelligently distributing and scanning task processes, namely automatically distributing and scanning tasks according to the process number set by a user and starting corresponding processes for osmotic scanning; the summarizing module is used for intelligently summarizing and analyzing the scanning results, namely automatically storing and detecting the scanning results and extracting the request and the detailed results with sql injection vulnerabilities, and the method is realized based on the scanning tool. Compared with the prior art, the multi-process automatic SQL injection batch scanning tool and method can automatically perform batch SQL injection automatic scanning on orders of magnitude requests of tens of thousands and above under the unattended condition, greatly improve the permeation efficiency of product safety detection, greatly save manpower and material resources for regression testing after safety problem repair, have strong practicability and wide application range, and are easy to popularize.
Description
Technical field
The present invention relates to Computer Applied Technology field, specifically a kind of practical, multi-process automation SQL notes
Enter batch scanning instrument and method.
Background technology
The scanning tools of sql injection loopholes that are directed to existing at present are joined only in single request or single url
Number is scanned, and manual analysis each http request is required for each operation of a web system, and to wherein existing
The request of parameter performs SQL injection scanning.If carrying out batch Liquid penetrant testing in face of large-scale web system, for tens thousand of
Request is taken considerable time, human cost, it is necessary to perform tens of thousands of time repeated and redundants operations.
In consideration of it, existing provide a kind of based on multi-process automation SQL injection batch scanning instrument and method, how right solve
The request of one all http of complete web or C/S systems unify asking for the scanning of the batch-automated SQL injection of high efficiency
Topic.
The content of the invention
Technical assignment of the invention is directed to above weak point, there is provided a kind of practical, multi-process automation SQL notes
Enter batch scanning instrument and method.
A kind of multi-process automates SQL injection batch scanning instrument, including request module, distribution module and summarizing module,
Wherein,
Request module is used for demand file batch parameter processing;
Distribution module is used for task process intelligently distribution scanning, i.e., set into number of passes automatic distributing scan task and open according to user
Opening corresponding process carries out infiltration scanning;
Summarizing module is used for scanning result intelligence Macro or mass analysis, that is, automatically save and detect scanning result, and extraction has sql injections
The request of leak and detailed results.
The request module specifies the root path address of whole demand file preservation by user, to whole under path
File is analyzed screening, selects the demand file that can be scanned, then active session information, the data according to user configuring
Storehouse server and enter number of passes, perform batch text treatment to request automatically and responded with ensureing that request can normally obtain server.
The distribution module is used to open the process for specifying number, and realizes that multi-process mass simultaneous carry out sql injection scannings,
The whole parameters of distribution module identification in scanning process, and all parameters are sent with test statement, analysis responds to judge that sql is noted
Enter.
After whole is scanned, there is sql injection loopholes in Intelligent Measurement whole scanning results, retrieval to the summarizing module
Request and by leak request scanning result be aggregated into assigned catalogue, be user-friendly for result statistics and specifically check.
A kind of multi-process automates SQL injection batch scanning method, and its implementation process is:
All requests in web system are obtained first;
The demand file is extracted by above-mentioned scanning tools, and demand file is pre-processed;
Process task is distributed, SQL injection is judged, i.e., opens the process for specifying number simultaneously, realize that multi-process mass simultaneous enter
Row sql injections are scanned, and whole parameters are recognized in scanning process, and all parameters are sent with test statement, and analysis responds to judge
Sql injects;
After the end of scan, whole scanning results are carried out with quick-searching, lookup has the scanning result of sql injections, and unified remittance
Always pressed from both sides to glue file, convenient use person checks operation result.
The process of all requests is in acquisition web system:By packet capturing Software tool, use what is manually or automatically clicked on
Mode, all requests in web system is all captured, and save as several txt files.
Obtain demand file and the process that is pre-processed is:Path where the demand file of user's input is received first
Catalogue, by all asking the text that preserves in web system under the directory path, then scanning tools automatically scanning path
Directory file structure is simultaneously recorded, and whole suffix are the demand file of txt under extracting this path, and finally whole demand files are carried out
Pretreatment:Cookie value batches canonical is replaced, it is ensured that cookie information is effective in current web system in demand file after replacement
Cookie values, it is ensured that the penetration attack request sent in infiltration scanning process can be by program normal response.
It is by the process that process task is distributed:First result files are automatically created under current path to be swept for storage
Result is retouched, to carrying out overlapping operation if it there is result files, is created with user in result files
Identical folder structure under input path, to realize the differentiation of file scan result of the same name under different directories;Then receiving makes
The process of user's input opens number x, is intelligently distributed by program, creates x autoexec, already present autoexec
Then delete, the scan command that sql injections are performed to each demand file is written in x autoexec successively, now open
X process is opened, is that each process distributes an errorlevel, perform sql implantation tool scan commands, started to all files
Multi-process batch sql injection scannings are carried out simultaneously.
Multi-process batch scanning terminates rear operation result and preserves the process of detection:
After sql injection batch scannings are finished, according to request catalogue storage hierarchical relationship, the sql notes of each request are automatically saved
Enter scanning result file, destination file name asks to correspond with place path and source;
Whole result results are analyzed automatically after preservation, automatic identification has the scanning result file of sql injections, and will
This document is aggregated under assigned catalogue automatically;
After the completion of scanning tools operation, the request scanning result for being all in sql injection loopholes is recorded under assigned catalogue path.
The scanning result of record include exist decanting point parameter, send injection sentence, by infiltration obtain be tested
Server OS, middleware information.
A kind of multi-process automation SQL injection batch scanning instrument and method of the invention, with advantages below:
A kind of multi-process automation SQL injection batch scanning instrument of the invention and method can be in the case of unattended certainly
The dynamic order of magnitude request to tens thousand of ranks and the above carries out batch sql injection automatic scannings, substantially increases product safety inspection
Osmotic efficiency is surveyed, the manpower and materials of regression test after safety problem is repaired is greatlyd save, compared to manually carrying out sql injections in the past
Batch detection, time and workload reduce 90%, practical, applied widely, it is easy to promote.
Brief description of the drawings
Accompanying drawing 1 realizes flow chart for of the invention.
Specific embodiment
The invention will be further described with specific embodiment below in conjunction with the accompanying drawings.
The present invention solves that the request of all http of complete web or C/S systems is carried out to unify high efficiency batch automatically
Change the scanning of SQL injection.After being effectively treated to high-volume demand file, multiple processes are automatically turned on simultaneously to demand file
Sql injections scanning and penetration testing are carried out, and clearly preserve each to ask scanning result and automatically retrieval to there is sql injections
The request of leak and scanning result file.Realize that request of the unattended automation to tens thousand of or hundreds thousand of ranks carries out batch and ooze
Test thoroughly.
A kind of multi-process automates SQL injection batch scanning instrument, including request module, distribution module and summarizing module,
Wherein,
Request module is used for demand file batch parameter processing;
Distribution module is used for task process intelligently distribution scanning, i.e., set into number of passes automatic distributing scan task and open according to user
Opening corresponding process carries out infiltration scanning;
Summarizing module is used for scanning result intelligence Macro or mass analysis, that is, automatically save and detect scanning result, and extraction has sql injections
The request of leak and detailed results.
The request module specifies the root path address of whole demand file preservation by user, to whole under path
File is analyzed screening, selects the demand file that can be scanned, then active session information, the data according to user configuring
Storehouse server and enter number of passes, perform batch text treatment to request automatically and responded with ensureing that request can normally obtain server,
While batch injection efficiency is improved, reduction is failed to report.
The distribution module is used to open the process for specifying number, and realizes that multi-process mass simultaneous carry out sql injection scannings,
The whole parameters of distribution module identification in scanning process, and all parameters are sent with test statement, analysis responds to judge that sql is noted
Enter.
After whole is scanned, there is sql injection loopholes in Intelligent Measurement whole scanning results, retrieval to the summarizing module
Request and by leak request scanning result be aggregated into assigned catalogue, be user-friendly for result statistics and specifically check.
As shown in Figure 1, a kind of multi-process automation SQL injection batch scanning method, this method can be carried out based on request
The sql injection intelligent scannings of file and url, are recorded comprising scanning process and result, but this method is realized in face of large-scale system
During the demand file of system or big number of levels, batch processing and operation can be carried out to big number requests file, by demand file
Intelligence is distributed in multiple subprocess, realizes multi-process task scheduling, accelerates request sql injection sweep speeds;Simultaneously can be right
Scanning result carries out quick-searching and treatment, realizes unattended full-automatic sql injections batch scanning.
Its implementation process is:
1)All requests in web system are obtained first;
User passes through the instruments such as packet capturing software such as fiddler first, using the mode manually or automatically clicked on, by web systems
All requests are all captured in system, and save as multiple txt files, are then turned on this scanning tools.
2)The demand file is extracted by above-mentioned scanning tools, and demand file is pre-processed;
3)Process task is distributed, SQL injection is judged, i.e., opens the process for specifying number simultaneously, realize multi-process mass simultaneous
Carry out sql injections to scan, whole parameters are recognized in scanning process, and all parameters are sent with test statement, analysis responds to sentence
Disconnected sql injections;
4)After the end of scan, whole scanning results are carried out with quick-searching, lookup has the scanning result of sql injections, and unified
Glue file folder is aggregated into, convenient use person checks operation result.
Obtain demand file and the process that is pre-processed is:Path where the demand file of user's input is received first
Catalogue, by all asking the text that preserves in web system under the directory path, then scanning tools automatically scanning path
Directory file structure is simultaneously recorded, and whole suffix are the demand file of txt under extracting this path, and finally whole demand files are carried out
Pretreatment:Cookie value batches canonical is replaced, it is ensured that cookie information is effective in current web system in demand file after replacement
Cookie values, it is ensured that the penetration attack request sent in infiltration scanning process can be by program normal response.
It is by the process that process task is distributed:First result files are automatically created under current path to be swept for storage
Result is retouched, to carrying out overlapping operation if it there is result files, is created with user in result files
Identical folder structure under input path, to realize the differentiation of file scan result of the same name under different directories;Then receiving makes
The process of user's input opens number x, is intelligently distributed by program, creates x autoexec, already present autoexec
Then delete, the scan command that sql injections are performed to each demand file is written in x autoexec successively, now open
X process is opened, is that each process distributes an errorlevel, perform sql implantation tool scan commands, started to all files
Multi-process batch sql injection scannings are carried out simultaneously.
Multi-process batch scanning terminates rear operation result and preserves the process of detection:
After sql injection batch scannings are finished, according to request catalogue storage hierarchical relationship, the sql notes of each request are automatically saved
Enter scanning result file, destination file name asks to correspond with place path and source;
Whole result results are analyzed automatically after preservation, automatic identification has the scanning result file of sql injections, and will
This document is aggregated into assigned catalogue automatically " result sql injection problem collect " under.
After the completion of instrument operation, under path, sql injections are as all at " result sql injections problem collect "
The request scanning result record of leak, the quilt for contain the parameter that there is decanting point, the injection sentence for sending, obtaining by infiltration
Survey the information such as server OS, middleware.
Above-mentioned specific embodiment is only specific case of the invention, and scope of patent protection of the invention is included but is not limited to
Above-mentioned specific embodiment, any a kind of multi-process automation SQL injection batch scanning instrument of the invention and method of meeting
The appropriate change or replacement that claims and any technical field those of ordinary skill is done to it, should all fall into
Scope of patent protection of the invention.
Claims (10)
1. a kind of multi-process automation SQL injection batch scanning instrument, it is characterised in that including request module, distribution module and
Summarizing module, wherein,
Request module is used for demand file batch parameter processing;
Distribution module is used for task process intelligently distribution scanning, i.e., set into number of passes automatic distributing scan task and open according to user
Opening corresponding process carries out infiltration scanning;
Summarizing module is used for scanning result intelligence Macro or mass analysis, that is, automatically save and detect scanning result, and extraction has sql injections
The request of leak and detailed results.
2. a kind of multi-process according to claim 1 automates SQL injection batch scanning instrument, it is characterised in that described
Request module specifies the root path address of whole demand file preservation by user, and all files under path are analyzed
Screening, selects the demand file that can be scanned, and active session information then according to user configuring, database server and enters
Number of passes, batch text treatment is performed to request and is responded with ensureing that request can normally obtain server automatically.
3. a kind of multi-process according to claim 1 automates SQL injection batch scanning instrument, it is characterised in that described
Distribution module is used to open the process for specifying number, and realizes that multi-process mass simultaneous carry out sql injection scannings, should in scanning process
The whole parameters of distribution module identification, and all parameters are sent with test statement, analysis responds to judge that sql injects.
4. a kind of multi-process according to claim 1 automates SQL injection batch scanning instrument, it is characterised in that described
After all scanned, there is the request of sql injection loopholes and will leakage in Intelligent Measurement whole scanning results, retrieval to summarizing module
Hole request scanning result is aggregated into assigned catalogue, is user-friendly for result statistics and specifically checks.
5. a kind of multi-process automation SQL injection batch scanning method, automatic based on a kind of multi-process described in claim 1-4
Change SQL injection batch scanning instrument, it is characterised in that its implementation process is:
All requests in web system are obtained first;
The demand file is extracted by above-mentioned scanning tools, and demand file is pre-processed;
Process task is distributed, SQL injection is judged, i.e., opens the process for specifying number simultaneously, realize that multi-process mass simultaneous enter
Row sql injections are scanned, and whole parameters are recognized in scanning process, and all parameters are sent with test statement, and analysis responds to judge
Sql injects;
After the end of scan, whole scanning results are carried out with quick-searching, lookup has the scanning result of sql injections, and unified remittance
Always pressed from both sides to glue file, convenient use person checks operation result.
6. a kind of multi-process according to claim 5 automates SQL injection batch scanning method, it is characterised in that obtain
The process of all requests is in web system:By packet capturing Software tool, using the mode manually or automatically clicked on, by web systems
All requests are all captured in system, and save as several txt files.
7. a kind of multi-process according to claim 5 automates SQL injection batch scanning method, it is characterised in that obtain
The demand file and process for being pre-processed is:Route directory, the catalogue where the demand file of user's input are received first
By all asking the text that preserves in web system under path, then scanning tools automatically scanning route directory file knot
Structure is simultaneously recorded, and whole suffix are the demand file of txt under extracting this path, and finally whole demand files are pre-processed:
Cookie value batches canonical is replaced, it is ensured that cookie information is effectively cookie in current web system in demand file after replacement
Value, it is ensured that the penetration attack request sent in infiltration scanning process can be by program normal response.
8. a kind of multi-process according to claim 5 automates SQL injection batch scanning method, it is characterised in that will enter
Journey task distribution process be:Result files are automatically created under current path first for depositing scanning result, if
There is result files then to carrying out overlapping operation, created in result files with phase under user's input path
With folder structure, to realize the differentiation of file scan result of the same name under different directories;Then entering for user's input is received
Cheng Kaiqi number x, are intelligently distributed by program, create x autoexec, and already present autoexec is then deleted, will be right
The scan command that each demand file performs sql injections is written in x autoexec successively, now opens x process, is
Each process distributes an errorlevel, performs sql implantation tool scan commands, starts to all files while enter more
Journey batch sql injection scannings.
9. a kind of multi-process according to claim 8 automates SQL injection batch scanning method, it is characterised in that enter more
Journey batch scanning terminates rear operation result and preserves the process of detection:
After sql injection batch scannings are finished, according to request catalogue storage hierarchical relationship, the sql notes of each request are automatically saved
Enter scanning result file, destination file name asks to correspond with place path and source;
Whole result results are analyzed automatically after preservation, automatic identification has the scanning result file of sql injections, and will
This document is aggregated under assigned catalogue automatically;
After the completion of scanning tools operation, the request scanning result for being all in sql injection loopholes is recorded under assigned catalogue path.
10. a kind of multi-process according to claim 9 automates SQL injection batch scanning method, it is characterised in that record
Scanning result include the parameter that there is decanting point, the injection sentence for sending, by permeating the tested server operation system that obtains
System, middleware information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611064242.2A CN106789926A (en) | 2016-11-28 | 2016-11-28 | Multi-process automatic SQL injection batch scanning tool and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611064242.2A CN106789926A (en) | 2016-11-28 | 2016-11-28 | Multi-process automatic SQL injection batch scanning tool and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106789926A true CN106789926A (en) | 2017-05-31 |
Family
ID=58901921
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611064242.2A Pending CN106789926A (en) | 2016-11-28 | 2016-11-28 | Multi-process automatic SQL injection batch scanning tool and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106789926A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108959935A (en) * | 2018-06-25 | 2018-12-07 | 郑州云海信息技术有限公司 | A kind of loophole plug-in unit batch execution method and device |
| CN111783105A (en) * | 2020-07-08 | 2020-10-16 | 国家计算机网络与信息安全管理中心 | Penetration testing method, device, equipment and storage medium |
| CN111859401A (en) * | 2020-07-30 | 2020-10-30 | 杭州安恒信息技术股份有限公司 | Vulnerability data analysis method, system and related device |
| CN112699373A (en) * | 2020-12-24 | 2021-04-23 | 山东鲁能软件技术有限公司 | Method and device for detecting SQL injection vulnerability in batch |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8631497B1 (en) * | 2007-02-01 | 2014-01-14 | Mcafee, Inc. | Systems and methods for automating blind detection of computational vulnerabilities |
| CN103685228A (en) * | 2013-10-12 | 2014-03-26 | 北京奇虎科技有限公司 | Website vulnerability rapid scanning method and device |
| CN104394197A (en) * | 2014-11-07 | 2015-03-04 | 南方电网科学研究院有限责任公司 | SQL (Structured Query Language) injection detection system and method based on cloud environment |
| CN104683328A (en) * | 2015-01-29 | 2015-06-03 | 兴华永恒(北京)科技有限责任公司 | Method and system for scanning cross-site vulnerability |
-
2016
- 2016-11-28 CN CN201611064242.2A patent/CN106789926A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8631497B1 (en) * | 2007-02-01 | 2014-01-14 | Mcafee, Inc. | Systems and methods for automating blind detection of computational vulnerabilities |
| CN103685228A (en) * | 2013-10-12 | 2014-03-26 | 北京奇虎科技有限公司 | Website vulnerability rapid scanning method and device |
| CN104394197A (en) * | 2014-11-07 | 2015-03-04 | 南方电网科学研究院有限责任公司 | SQL (Structured Query Language) injection detection system and method based on cloud environment |
| CN104683328A (en) * | 2015-01-29 | 2015-06-03 | 兴华永恒(北京)科技有限责任公司 | Method and system for scanning cross-site vulnerability |
Non-Patent Citations (3)
| Title |
|---|
| FORWARDBA: ""Sqlmap批量扫描burpsuite请求日志记录"", 《HTTP://WWW.51TESTING.COM/HTML/07/N-3711507.HTML》 * |
| LAKE2: ""自研之路:腾讯漏洞扫描系统的十年历程"", 《HTTPS://SECURITY.TENCENT.COM/INDEX.PHP/BLOG/MSG/100》 * |
| 网友: ""我是如何打造一款自动化SQL注入工具的"", 《HTTPS://WWW.FREEBUF.COM/SECTOOL/74445.HTML》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108959935A (en) * | 2018-06-25 | 2018-12-07 | 郑州云海信息技术有限公司 | A kind of loophole plug-in unit batch execution method and device |
| CN108959935B (en) * | 2018-06-25 | 2021-08-20 | 郑州云海信息技术有限公司 | Method and device for batch execution of bug plug-ins |
| CN111783105A (en) * | 2020-07-08 | 2020-10-16 | 国家计算机网络与信息安全管理中心 | Penetration testing method, device, equipment and storage medium |
| CN111783105B (en) * | 2020-07-08 | 2024-03-29 | 国家计算机网络与信息安全管理中心 | Penetration test method, device, equipment and storage medium |
| CN111859401A (en) * | 2020-07-30 | 2020-10-30 | 杭州安恒信息技术股份有限公司 | Vulnerability data analysis method, system and related device |
| CN112699373A (en) * | 2020-12-24 | 2021-04-23 | 山东鲁能软件技术有限公司 | Method and device for detecting SQL injection vulnerability in batch |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106789926A (en) | Multi-process automatic SQL injection batch scanning tool and method | |
| CN104035867B (en) | Application function traversal method of testing based on Android | |
| CN102122265B (en) | System and method for verifying computer software test results | |
| CN104200167B (en) | Automate penetration testing method and system | |
| CN103186444B (en) | A kind of performance test methods, test platform and test machine | |
| CN103237082B (en) | Cloud method of testing, system and cloud server | |
| CN102693183A (en) | Method and system for realizing automatic software testing | |
| CN108521339B (en) | Feedback type node fault processing method and system based on cluster log | |
| CN102521354B (en) | Auditing and testing method and auditing and testing device for data base protocol | |
| CN105681126A (en) | Automatic test method and system based on protocol interface | |
| CN103942497A (en) | Forensics type website vulnerability scanning method and system | |
| CN108632111A (en) | Service link monitoring method based on log | |
| CN105426307A (en) | Local area network product test resource sharing method and system | |
| CN103368970B (en) | A kind of automation safety detection method for network objectives | |
| CN108876291A (en) | A kind of enterprise operation data collection system, method and cloud server | |
| CN111258881B (en) | Intelligent test system for workflow test | |
| CN109359707B (en) | Method and device for processing rock and soil sample information, computer equipment and storage medium | |
| CN104123397A (en) | Automatic test device and method for Web page | |
| CN113055408B (en) | Network security test integrated device | |
| CN108335724B (en) | Automatic generation system for customer service management, laboratory process, quality control and report | |
| CN111949548B (en) | Automatic unauthorized penetration testing method and storage device | |
| CN107169016A (en) | A kind of application log acquisition method and device | |
| CN104915291B (en) | Terminal restarts verification method and system | |
| CN109921945A (en) | Shunt method and its device of the request forwarding of no NGINX a kind of in application layer | |
| CN114398028A (en) | Task batch processing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170531 |