CN111064735A - SQL injection vulnerability detection method and system for electric power information systems - Google Patents
- Publication number
- CN111064735A
- Authority
- CN
- China
- Prior art keywords
- state
- test
- injection
- response
- test case
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911357101.3A CN111064735B (zh) | 2019-12-25 | 2019-12-25 | SQL injection vulnerability detection method and system for electric power information systems |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911357101.3A CN111064735B (zh) | 2019-12-25 | 2019-12-25 | SQL injection vulnerability detection method and system for electric power information systems |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111064735A (zh) | 2020-04-24 |
CN111064735B (zh) | 2021-10-15 |
Family
ID=70303560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911357101.3A Active CN111064735B (zh) | SQL injection vulnerability detection method and system for electric power information systems | 2019-12-25 | 2019-12-25 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111064735B (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
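CN112306889A (zh) * | 2020-11-23 | 2021-02-02 | State Grid Beijing Electric Power Company | Charging pile test method and device, storage medium and processor |
CN113111008A (zh) * | 2021-05-12 | 2021-07-13 | Industrial and Commercial Bank of China Ltd. | Test case generation method and device |
CN113127366A (zh) * | 2021-04-28 | 2021-07-16 | Wuhu Lion Automotive Technologies Co., Ltd. | Model-based matrix automated testing method and computer-readable storage medium |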
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102831345A (zh) * | 2012-07-30 | 2012-12-19 | Northwestern Polytechnical University | Injection point extraction method in SQL injection vulnerability detection |
US8381026B2 (en) * | 2009-06-22 | 2013-02-19 | Citrix Systems, Inc. | Systems and method for transaction stall detection and propagating the result in a multi-core architecture |
US20140283033A1 (en) * | 2013-03-15 | 2014-09-18 | Kunal Anand | Systems and methods for tokenizing user-generated content to enable the prevention of attacks |
CN104184728A (zh) * | 2014-08-14 | 2014-12-03 | University of Electronic Science and Technology of China | Security detection method and security detection device for a Web application system |
CN107292170A (zh) * | 2016-04-05 | 2017-10-24 | Alibaba Group Holding Ltd. | Method, device and system for detecting SQL injection attacks |
CN110581864A (zh) * | 2019-11-11 | 2019-12-17 | Beijing ABT Networks Co., Ltd. | SQL injection attack detection method and device |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8381026B2 (en) * | 2009-06-22 | 2013-02-19 | Citrix Systems, Inc. | Systems and method for transaction stall detection and propagating the result in a multi-core architecture |
CN102831345A (zh) * | 2012-07-30 | 2012-12-19 | Northwestern Polytechnical University | Injection point extraction method in SQL injection vulnerability detection |
US20140283033A1 (en) * | 2013-03-15 | 2014-09-18 | Kunal Anand | Systems and methods for tokenizing user-generated content to enable the prevention of attacks |
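CN104184728A (zh) * | 2014-08-14 | 2014-12-03 | University of Electronic Science and Technology of China | Security detection method and security detection device for a Web application system |
CN107292170A (zh) * | 2016-04-05 | 2017-10-24 | Alibaba Group Holding Ltd. | Method, device and system for detecting SQL injection attacks |
CN110581864A (zh) * | 2019-11-11 | 2019-12-17 | Beijing ABT Networks Co., Ltd. | SQL injection attack detection method and device |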
Non-Patent Citations (3)
Title |
---|
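LEI LIU ET AL: "Exposing SQL Injection Vulnerability through Penetration Test Based on Finite State Machine", 2016 2nd IEEE International Conference on Computer and Communications * |
Wen Shuo et al.: "Test case generation method for access control vulnerabilities based on policy derivation", Chinese Journal of Computers * |
Li Dong et al.: "Research on Web application security testing based on extended FSM", Computer Applications and Software * |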
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
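CN112306889A (zh) * | 2020-11-23 | 2021-02-02 | State Grid Beijing Electric Power Company | Charging pile test method and device, storage medium and processor |
CN112306889B (zh) * | 2020-11-23 | 2023-10-20 | State Grid Beijing Electric Power Company | Charging pile test method and device, storage medium and processor |
CN113127366A (zh) * | 2021-04-28 | 2021-07-16 | Wuhu Lion Automotive Technologies Co., Ltd. | Model-based matrix automated testing method and computer-readable storage medium |
CN113127366B (zh) * | 2021-04-28 | 2023-08-15 | Wuhu Lion Automotive Technologies Co., Ltd. | Model-based matrix automated testing method and computer-readable storage medium |
CN113111008A (zh) * | 2021-05-12 | 2021-07-13 | Industrial and Commercial Bank of China Ltd. | Test case generation method and device |
CN113111008B (zh) * | 2021-05-12 | 2024-02-23 | Industrial and Commercial Bank of China Ltd. | Test case generation method and device |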
Also Published As
Publication number | Publication date |
---|---|
CN111064735B (zh) | 2021-10-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111064735B (zh) | SQL injection vulnerability detection method and system for electric power information systems | |
Li et al. | Block: a black-box approach for detection of state violation attacks towards web applications | |
Xue et al. | Detection and classification of malicious JavaScript via attack behavior modelling | |
CN107292170B (zh) | Method, device and system for detecting SQL injection attacks | |
Akrout et al. | An automated black box approach for web vulnerability identification and attack scenario generation | |
CN114866358B (zh) | Automated penetration testing method and system based on knowledge graph | |
Xiao et al. | An approach for SQL injection detection based on behavior and response analysis | |
CN113098887A (zh) | Phishing website detection method based on joint website features | |
Zhang et al. | ART4SQLi: The ART of SQL injection vulnerability discovery | |
Zhuo et al. | Long short‐term memory on abstract syntax tree for SQL injection detection | |
RU2659482C1 (ru) | Method for protecting web applications using an intelligent firewall with automatic construction of application models | |
US20230222223A1 (en) | Computer-implemented method for testing the cybersecurity of a target environment | |
Zhuang et al. | Just-in-time defect prediction based on AST change embedding | |
Alidoosti et al. | Evaluating the web‐application resiliency to business‐layer DoS attacks | |
Meena Siwach | Anomaly detection for web log data analysis: a review | |
CN116663018A (zh) | Vulnerability detection method and device based on executable code paths | |
Zhang et al. | Research on SQL injection vulnerabilities and its detection methods | |
CN107368427B (zh) | Automatic SQL injection vulnerability detection platform and method based on adaptive random testing | |
Shi et al. | A new approach for SQL-injection detection | |
Praveen et al. | Nosql injection detection using supervised text classification | |
Wang et al. | A model-based behavioral fuzzing approach for network service | |
US10515219B2 (en) | Determining terms for security test | |
Lin et al. | Novel JavaScript malware detection based on fuzzy Petri nets | |
Wang et al. | A model-based fuzzing approach for DBMS | |
Khan | Detecting phishing attacks using nlp |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20210202; Address after: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin; Applicant after: NANKAI University; Applicant after: STATE GRID TIANJIN ELECTRIC POWER Co.; Applicant after: STATE GRID CORPORATION OF CHINA; Address before: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin; Applicant before: NANKAI University; Applicant before: STATE GRID TIANJIN ELECTRIC POWER Co. |
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20240220; Address after: 300384 No. 8, Haitai Huake 4th Road, Binhai New Area, Tianjin; Patentee after: ELECTRIC POWER SCIENCE & RESEARCH INSTITUTE OF STATE GRID TIANJIN ELECTRIC POWER Co.; Country or region after: China; Patentee after: STATE GRID TIANJIN ELECTRIC POWER Co.; Patentee after: STATE GRID CORPORATION OF CHINA; Patentee after: NANKAI University; Address before: No.38, Tongyan Road, Haihe Education Park, Jinnan District, Tianjin; Patentee before: NANKAI University; Country or region before: China; Patentee before: STATE GRID TIANJIN ELECTRIC POWER Co.; Patentee before: STATE GRID CORPORATION OF CHINA |