CN111814143A - 一种动态监测sql注入的方法及系统 - Google Patents
一种动态监测sql注入的方法及系统 Download PDFInfo
- Publication number
- CN111814143A CN111814143A CN202010663405.9A CN202010663405A CN111814143A CN 111814143 A CN111814143 A CN 111814143A CN 202010663405 A CN202010663405 A CN 202010663405A CN 111814143 A CN111814143 A CN 111814143A
- Authority
- CN
- China
- Prior art keywords
- sql
- detection
- sql injection
- blacklist
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000002347 injection Methods 0.000 title claims abstract description 60
- 239000007924 injection Substances 0.000 title claims abstract description 60
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000012544 monitoring process Methods 0.000 title claims abstract description 16
- 238000001514 detection method Methods 0.000 claims description 75
- 239000003795 chemical substances by application Substances 0.000 claims description 22
- 238000004458 analytical method Methods 0.000 claims description 18
- 230000002159 abnormal effect Effects 0.000 claims description 16
- 238000007726 management method Methods 0.000 claims description 11
- 230000007246 mechanism Effects 0.000 claims description 10
- 230000003068 static effect Effects 0.000 claims description 10
- 238000007619 statistical method Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 5
- 238000012550 audit Methods 0.000 claims description 3
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 230000008859 change Effects 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 239000000243 solution Substances 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Debugging And Monitoring (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010663405.9A CN111814143B (zh) | 2020-07-10 | 2020-07-10 | 一种动态监测sql注入的方法及系统 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010663405.9A CN111814143B (zh) | 2020-07-10 | 2020-07-10 | 一种动态监测sql注入的方法及系统 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111814143A true CN111814143A (zh) | 2020-10-23 |
CN111814143B CN111814143B (zh) | 2021-07-09 |
Family
ID=72843491
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010663405.9A Active CN111814143B (zh) | 2020-07-10 | 2020-07-10 | 一种动态监测sql注入的方法及系统 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111814143B (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113885958A (zh) * | 2021-09-30 | 2022-01-04 | 杭州默安科技有限公司 | 一种拦截脏数据的方法和系统 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102682047A (zh) * | 2011-10-18 | 2012-09-19 | 国网电力科学研究院 | 一种混合的sql注入防护方法 |
CN104618343A (zh) * | 2015-01-06 | 2015-05-13 | 中国科学院信息工程研究所 | 一种基于实时日志的网站威胁检测的方法及系统 |
CN104715018A (zh) * | 2015-02-04 | 2015-06-17 | 同程网络科技股份有限公司 | 基于语义分析的智能防sql注入方法 |
CN105704146A (zh) * | 2016-03-18 | 2016-06-22 | 四川长虹电器股份有限公司 | Sql防注入的系统与方法 |
-
2020
- 2020-07-10 CN CN202010663405.9A patent/CN111814143B/zh active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102682047A (zh) * | 2011-10-18 | 2012-09-19 | 国网电力科学研究院 | 一种混合的sql注入防护方法 |
CN104618343A (zh) * | 2015-01-06 | 2015-05-13 | 中国科学院信息工程研究所 | 一种基于实时日志的网站威胁检测的方法及系统 |
CN104715018A (zh) * | 2015-02-04 | 2015-06-17 | 同程网络科技股份有限公司 | 基于语义分析的智能防sql注入方法 |
CN105704146A (zh) * | 2016-03-18 | 2016-06-22 | 四川长虹电器股份有限公司 | Sql防注入的系统与方法 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113885958A (zh) * | 2021-09-30 | 2022-01-04 | 杭州默安科技有限公司 | 一种拦截脏数据的方法和系统 |
CN113885958B (zh) * | 2021-09-30 | 2023-10-31 | 杭州默安科技有限公司 | 一种拦截脏数据的方法和系统 |
Also Published As
Publication number | Publication date |
---|---|
CN111814143B (zh) | 2021-07-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2744671C2 (ru) | Система и способы для обнаружения сетевого мошенничества | |
US9563749B2 (en) | Comparing applications and assessing differences | |
US7281267B2 (en) | Software audit system | |
US7664924B2 (en) | System and method to secure a computer system by selective control of write access to a data storage medium | |
US7610273B2 (en) | Application identity and rating service | |
EP1920338B1 (en) | Network security systems and methods | |
US8078909B1 (en) | Detecting file system layout discrepancies | |
CN113660224B (zh) | 基于网络漏洞扫描的态势感知防御方法、装置及系统 | |
US20100122313A1 (en) | Method and system for restricting file access in a computer system | |
US20060130144A1 (en) | Protecting computing systems from unauthorized programs | |
US20070028303A1 (en) | Content tracking in a network security system | |
US20070028302A1 (en) | Distributed meta-information query in a network | |
US11625488B2 (en) | Continuous risk assessment for electronic protected health information | |
US20100153671A1 (en) | System and method to secure a computer system by selective control of write access to a data storage medium | |
RU2658878C1 (ru) | Способ и сервер для классификации веб-ресурса | |
US20060075468A1 (en) | System and method for locating malware and generating malware definitions | |
Continella et al. | Prometheus: Analyzing WebInject-based information stealers | |
US20060075490A1 (en) | System and method for actively operating malware to generate a definition | |
Naderi-Afooshteh et al. | Joza: Hybrid taint inference for defeating web application sql injection attacks | |
CN111814143B (zh) | 一种动态监测sql注入的方法及系统 | |
Koo et al. | Malicious website detection based on honeypot systems | |
US8141153B1 (en) | Method and apparatus for detecting executable software in an alternate data stream | |
Zhang et al. | SQL injection attack principles and preventive techniques for PHP site | |
Payet et al. | Ears in the wild: large-scale analysis of execution after redirect vulnerabilities | |
CN111832023B (zh) | 一种基于c/s架构的sql注入检测方法及其装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing Applicant after: Beijing reliable spectrum cloud Technology Co.,Ltd. Applicant after: Xiamen Biebeyun Co.,Ltd. Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100 Applicant before: Xiamen Biebeyun Co.,Ltd. Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20210622 Address after: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100 Applicant after: Xiamen Biebeyun Co.,Ltd. Address before: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd. Applicant before: Xiamen Biebeyun Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP03 | Change of name, title or address | ||
CP03 | Change of name, title or address |
Address after: 361000 3F-A317, Zone C, Innovation Building, Software Park, Torch High tech Zone, Xiamen City, Fujian Province Patentee after: Fujian Reliable Cloud Computing Technology Co.,Ltd. Country or region after: China Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100 Patentee before: Xiamen Biebeyun Co.,Ltd. Country or region before: China |