CN111832023B - SQL injection detection method and device based on C/S architecture - Google Patents
- Publication number
- CN111832023B
- Authority
- CN
- China
- Prior art keywords
- sql
- query statement
- sql query
- char
- injection detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
Description
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010662451.7A CN111832023B (en) | 2020-07-10 | 2020-07-10 | SQL injection detection method and device based on C/S architecture |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010662451.7A CN111832023B (en) | 2020-07-10 | 2020-07-10 | SQL injection detection method and device based on C/S architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111832023A (en) | 2020-10-27 |
CN111832023B (en) | 2021-04-27 |
Family
ID=72900414
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010662451.7A Active CN111832023B (en) | 2020-07-10 | 2020-07-10 | SQL injection detection method and device based on C/S architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111832023B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110474888A (en) * | 2019-07-26 | 2019-11-19 | 广东睿江云计算股份有限公司 | A kind of free-standing sql injection defence analysis alarm method and its system based on php |
CN110557404A (en) * | 2019-09-27 | 2019-12-10 | 四川长虹电器股份有限公司 | method for filtering SQL injection attack |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8225402B1 (en) * | 2008-04-09 | 2012-07-17 | Amir Averbuch | Anomaly-based detection of SQL injection attacks |
CN102682047A (en) * | 2011-10-18 | 2012-09-19 | 国网电力科学研究院 | Mixed structured query language (SQL) injection protection method |
CN105704146A (en) * | 2016-03-18 | 2016-06-22 | 四川长虹电器股份有限公司 | System and method for SQL injection prevention |
CN110647749A (en) * | 2019-09-20 | 2020-01-03 | 湖南大学 | Second-order SQL injection attack defense method |
-
2020
- 2020-07-10 CN CN202010662451.7A patent/CN111832023B/en active Active
Non-Patent Citations (1)
Title |
---|
Three defense techniques based on SQL injection attacks; Li Xiaolong; Wanfang Database; 20130813; pp. 18-21 * |
Also Published As
Publication number | Publication date |
---|---|
CN111832023A (en) | 2020-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8800042B2 (en) | Secure web application development and execution environment | |
KR101497742B1 (en) | System and method for authentication, data transfer, and protection against phising | |
US8266700B2 (en) | Secure web application development environment | |
US8640231B2 (en) | Client side attack resistant phishing detection | |
US7613918B2 (en) | System and method for enforcing a security context on a downloadable | |
JP5511097B2 (en) | Intelligent hash for centrally detecting malware | |
US8051486B2 (en) | Indicating SQL injection attack vulnerability with a stored value | |
Calzavara et al. | Semantics-based analysis of content security policy deployment | |
CN111770104A (en) | Web vulnerability detection method, system, terminal and computer readable storage medium | |
CN105404816A (en) | Content-based vulnerability detection method and device | |
US8484232B2 (en) | Method, computer arrangement, computer program and computer program product for checking for the presence of control statements in a data value | |
CN112738127B (en) | Web-based website and host vulnerability detection system and method thereof | |
CN111832023B (en) | SQL injection detection method and device based on C/S architecture | |
CN111814143B (en) | Method and system for dynamically monitoring SQL injection | |
WO2020022456A1 (en) | Information processing device, information processing method, and information processing program | |
Black et al. | Software assurance tools: Web application security scanner functional specification version 1.0 | |
Sheykhkanloo | A pattern recognition neural network model for detection and classification of SQL injection attacks | |
AU2014200698B2 (en) | A computer-implemented method for detecting domain injection or evasion | |
JP2019194832A (en) | System and method for detecting changes in web resources | |
US20230036599A1 (en) | System context database management | |
George et al. | A proposed architecture for query anomaly detection and prevention against SQL injection attacks | |
Hildebrand | Automated Scanning for Web Cache Poisoning Vulnerabilities | |
Strukov et al. | Some Techniques of Detecting Web Applications Vulnerabilities | |
Aljamea et al. | Effective Solutions for Most Common Vulnerabilities in Web Applications | |
CN117494136A (en) | Vulnerability detection method and device of application software, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing; Applicant after: Beijing reliable spectrum cloud Technology Co.,Ltd.; Applicant after: Xiamen Biebeyun Co.,Ltd.; Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100; Applicant before: Xiamen Biebeyun Co.,Ltd.; Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd. |
TA01 | Transfer of patent application right | Effective date of registration: 20210413; Address after: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100; Applicant after: Xiamen Biebeyun Co.,Ltd.; Address before: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing; Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd.; Applicant before: Xiamen Biebeyun Co.,Ltd. |
GR01 | Patent grant | ||
CP03 | Change of name, title or address | Address after: 361000 3F-A317, Zone C, Innovation Building, Software Park, Torch High tech Zone, Xiamen City, Fujian Province; Patentee after: Fujian Reliable Cloud Computing Technology Co.,Ltd.; Country or region after: China; Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100; Patentee before: Xiamen Biebeyun Co.,Ltd.; Country or region before: China |