CN111832023B - SQL injection detection method and device based on C/S architecture - Google Patents

SQL injection detection method and device based on C/S architecture Download PDF

Info

Publication number
CN111832023B
Authority
CN
China
Prior art keywords
sql
query statement
sql query
char
injection detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010662451.7A
Other languages
Chinese (zh)
Other versions
CN111832023A (en)
Inventor
刘佛福
李辉
林友钦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Reliable Cloud Computing Technology Co.,Ltd.
Original Assignee
Xiamen Biebeyun Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Biebeyun Co ltd
Priority to CN202010662451.7A
Publication of CN111832023A
Application granted
Publication of CN111832023B
Legal status: Active (current)
Anticipated expiration

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The invention discloses an SQL injection detection method and device based on a C/S architecture. In the current complex network environment, company data faces various security problems, of which the common SQL injection is one that must be detected and handled promptly every day. The invention mainly aims to provide a method that can quickly detect conventional SQL injection and adopt active strategies to handle the corresponding SQL injection threats, so as to improve the security of the whole system.

Description

SQL injection detection method and device based on C/S architecture
Technical Field
The invention relates to the technical field of information security, and in particular to the detection of attacks on Structured Query Language (SQL).
Background
Structured Query Language (SQL) injection vulnerability attacks are currently one of the most popular hacking methods on the Internet. An attacker inserts an SQL command into the query string of a Web form submission or page request to deceive the server into executing a malicious SQL command, thereby obtaining database administrator privileges; by escalating database administrator privileges to operating-system administrator privileges, the attacker takes control of the server's system and obtains important information or confidential files.
As SQL injection becomes increasingly common, detection methods for SQL injection attacks have become a research hotspot in the industry. Traditional SQL injection detection and prevention methods either minimize user privileges on the database or server, or use a validator that checks user input data against predetermined rules. SQL injection detection can be divided into static and dynamic approaches. Static analysis focuses on verifying user input types in order to reduce the chance of SQL injection attacks, but the Web application must be rewritten; for example, JDBC-Checker uses a Java string parser to verify user input types and prevent SQL injection attacks, but fails to detect an anomaly if the malicious input data is all of the correct type or syntax. Dynamic analysis corresponds to analysis performed after the Web application is scanned, and can locate vulnerabilities to SQL injection attacks without performing any modification of the Web application. For example, the parss open source program scans with predetermined attack code and determines whether the HTTP response succeeds, and can discover SQL injection attacks and other vulnerabilities in Web applications. Although dynamic analysis, unlike static analysis, does not require modification of the Web application, the discovered vulnerabilities must be fixed manually by developers, and vulnerability types for which no attack code is predefined cannot be detected effectively.
Disclosure of Invention
To address the problems of existing static analysis and dynamic analysis, the invention provides an SQL injection detection method and device based on a C/S architecture that combines static analysis with dynamic analysis.
The SQL injection detection method specifically comprises the following steps:
receiving data submitted by a client;
executing SQL injection detection on the data at the WebServer end: checking a blacklist stored at the WebServer end and judging whether the IP address of the user-side webpage is in the blacklist;
if yes, access to all requested URL addresses is prohibited;
if not, detecting the data submitted by the client based on a preset SQL injection detection algorithm, which is a detection algorithm combining static analysis and dynamic analysis;
if the detection result is legal, allowing the website to be accessed normally;
if the detection result is illegal, forbidding access to all requested URL addresses, updating the blacklist at the WebServer end, and adding the IP address to the blacklist.
Further, detecting the data submitted by the client based on the preset SQL injection detection algorithm further includes: defining a function f that deletes the attribute values of the SQL query statement in the data; if FQ is an SQL query, FDQ = f(FQ) denotes the SQL query obtained from FQ by deleting the string values after '=' or in parentheses.
Further, detecting the data submitted by the client based on the preset SQL injection detection algorithm further includes: while the Web application is running, traversing all fixed SQL query statements in the Web application, where for each fixed SQL query statement FIX_SQLi the following is done: apply f(FIX_SQLi) to obtain the corresponding dynamic SQL query statement DYN_SQLi.
The intermediate result is calculated according to the following formula:
result = FIX_SQLi ⊕ DYN_SQLi
where ⊕ is the exclusive-or operation; then judge whether the intermediate result is zero: if the result is 0 the data is normal, otherwise the data is abnormal.
Preferably, deleting the attribute values of the SQL query statement in the data further includes: defining a function DeleteFirst() that extracts and deletes the first character of the input SQL query statement and returns that character; defining two state constants IS_START and IS_END, representing the start and end states of the "'" symbol in the SQL query statement; defining an intermediate state variable Current_Status whose initial value is IS_END; and, while the initial SQL query statement sql is not empty, performing the following operations in a loop:
step S1: let the temporary variable char = DeleteFirst(sql);
step S2: judge whether char is the "'" symbol; if yes, add char to the variable output to be output and execute step S3, then return to step S1; otherwise, execute step S4;
step S3: judge whether the character before char is a backslash "\"; if yes, set Current_Status = IS_START, and return to step S1;
step S4: judge whether Current_Status is equal to IS_END; if yes, add char to the variable output to be output and return to step S1; otherwise, execute step S5;
step S5: judge whether the character before char is a backslash "\"; if yes, add char to the variable output to be output;
after the loop ends, return the variable output as the SQL query statement with its attribute values deleted.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a flow chart of a current common SQL injection attack;
fig. 2 is a flow chart of SQL injection detection according to an embodiment of the invention.
Advantageous effects
Given the syntactic characteristics of SQL query statements, the attribute values found in an SQL query statement generally take the following forms: name='abc' (variable = string value) or index=1 (variable = numeric value). The SQL injection detection method provided by this application combines static analysis and dynamic analysis: the attribute values in the SQL query are deleted in the static analysis, each SQL query statement is analysed dynamically while the Web application runs, and an XOR operation is used to judge whether an anomaly exists, which effectively improves the accuracy and efficiency of the detection result. In addition, before the SQL query statement detection step that combines static and dynamic analysis, a blacklist mechanism is first used to screen out obviously malicious websites and to update the blacklist dynamically; only after the blacklist screening is the SQL injection detection algorithm applied for further detection, which not only eliminates unnecessary detection steps but also further improves the accuracy of SQL injection detection.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
SQL injection vulnerability attacks are one of the most popular hacking methods on the Web today. The attacker inserts SQL commands into the query string of a Web form submission or page request and ultimately deceives the server into executing malicious SQL commands, in order to obtain database administrator privileges, escalate them to operating-system administrator privileges, control the server's operating system, and obtain important information or confidential files. Fig. 1 shows a currently common SQL injection attack flow.
As shown in fig. 2, the SQL injection detection apparatus based on the C/S architecture according to the embodiment of the present invention includes a receiving module and a detection module.
The receiving module is used to receive data submitted by the client;
the detection module is located at the WebServer end and is used to perform SQL injection detection on the data there; the detection module comprises a blacklist judgment module and an SQL injection detection algorithm module;
the blacklist judgment module is used to check the blacklist stored at the WebServer end and judge whether the IP address of the user-end webpage is in the blacklist; if so, access to all requested URL addresses is forbidden;
if not, the SQL injection detection algorithm module detects the data submitted by the client based on a preset SQL injection detection algorithm, which is a detection algorithm combining static analysis and dynamic analysis;
if the detection result is legal, the website may be accessed normally;
if the detection result is illegal, access to all requested URL addresses is forbidden, the blacklist at the WebServer end is updated, and the IP address is added to the blacklist.
Further, detecting the data submitted by the client based on the preset SQL injection detection algorithm further includes: defining a function f that deletes the attribute values of the SQL query statement in the data; if FQ is an SQL query, FDQ = f(FQ) denotes the SQL query obtained from FQ by deleting the string values after '=' or in parentheses.
Further, detecting the data submitted by the client based on the preset SQL injection detection algorithm further includes: while the Web application is running, traversing all fixed SQL query statements in the Web application, where for each fixed SQL query statement FIX_SQLi the following is done: apply f(FIX_SQLi) to obtain the corresponding dynamic SQL query statement DYN_SQLi.
The intermediate result is calculated according to the following formula:
result = FIX_SQLi ⊕ DYN_SQLi
where ⊕ is the exclusive-or operation; then judge whether the intermediate result is zero: if the result is 0 the data is normal, otherwise the data is abnormal.
Algorithm 1 is a pseudo-code example of the SQL injection detection algorithm proposed by the present invention:
Define N as the total number of fixed SQL query statements in the Web application, FIX_SQLi as the i-th statement, DYN_SQLi = f(FIX_SQLi) as the dynamic SQL query statement generated from the i-th statement, and f() as the function that deletes the attribute values in an SQL query statement.
[Algorithm 1: pseudo-code listing, present in the patent only as a figure]
Preferably, deleting the attribute values of the SQL query statement in the data further includes: defining a function DeleteFirst() that extracts and deletes the first character of the input SQL query statement and returns that character; defining two state constants IS_START and IS_END, representing the start and end states of the "'" symbol in the SQL query statement; defining an intermediate state variable Current_Status whose initial value is IS_END; and, while the initial SQL query statement sql is not empty, performing the following operations in a loop:
step S1: let the temporary variable char = DeleteFirst(sql);
step S2: judge whether char is the "'" symbol; if yes, add char to the variable output to be output and execute step S3, then return to step S1; otherwise, execute step S4;
step S3: judge whether the character before char is a backslash "\"; if yes, set Current_Status = IS_START, and return to step S1;
step S4: judge whether Current_Status is equal to IS_END; if yes, add char to the variable output to be output and return to step S1; otherwise, execute step S5;
step S5: judge whether the character before char is a backslash "\"; if yes, add char to the variable output to be output;
after the loop ends, return the variable output as the SQL query statement with its attribute values deleted.
Algorithm 2 gives the execution code for the function f:
[Algorithm 2: code listing, present in the patent only as a figure]
The following shows, as an example, the result after the above function f is executed, where Normal_SQL stands for a normal SQL query statement and Abnormal_SQL for an abnormal SQL query statement:
FIX_SQL = SELECT * FROM user WHERE userid='$id' AND pass='$password'
DYN_SQL = f(FIX_SQL) = f(SELECT * FROM user WHERE userid='$id' AND pass='$password') = SELECT * FROM user WHERE userid='' AND pass=''
Normal_SQL = SELECT * FROM user WHERE userid='root' AND pass='admin'
SQL1 = f(Normal_SQL) = f(SELECT * FROM user WHERE userid='root' AND pass='admin') = SELECT * FROM user WHERE userid='' AND pass=''
Abnormal_SQL = SELECT * FROM user WHERE userid='1' or '1=1' --' AND pass='admin'
SQL2 = f(Abnormal_SQL) = f(SELECT * FROM user WHERE id='1' or '1=1' --' AND pass='admin') = SELECT * FROM user WHERE id='' or '' --''admin
Function f() is applied to normal and abnormal SQL query statements alike. For a normal SQL query statement, the two statements before and after deletion of the attribute values should be logically the same, so a logical XOR operator can be used to determine whether the SQL statement is normal.
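As an added example that is not the patent's own code (Algorithms 1 and 2 exist in the patent only as figures), the following Python renders the attribute-value deletion function f of steps S1-S5, the XOR comparison, and the WebServer-side blacklist gate performed by the receiving and detection modules. The backslash-escape handling, the stripping of numeric values after '=', the comparison of f(runtime statement) against DYN_SQLi (which is what the worked example above implies), the class and function names, and the sample requests are this example's own assumptions.

```python
"""SQL injection check by attribute-value deletion and XOR comparison.

Added example: a Python rendering of the patent's function f (steps S1-S5),
the XOR comparison, and the WebServer-side blacklist gate.  Escape handling,
numeric-value stripping and the sample data below are this example's own
assumptions, not the patent's text.
"""

# Quote-state constants, named after the patent's IS_START / IS_END.
IS_START = "IS_START"   # inside a '...' string literal
IS_END = "IS_END"       # outside any string literal


def strip_attribute_values(sql: str) -> str:
    """Function f: delete every string value enclosed in single quotes,
    keeping the quote characters, and delete digits that directly follow
    '=' (the index=1 form).  A quote preceded by a backslash is taken as an
    escaped character inside the value and does not end the literal."""
    output = []
    current_status = IS_END
    prev = ""              # the character before `char` (steps S3 and S5)
    after_equals = False   # '=' seen outside a literal; digits next are a value
    for char in sql:
        if char == "'" and prev != "\\":
            output.append(char)                       # keep the delimiter
            current_status = IS_START if current_status == IS_END else IS_END
        elif current_status == IS_END:
            if char.isdigit() and after_equals:
                pass                                  # numeric attribute value
            else:
                output.append(char)
                if char == "=":
                    after_equals = True
                elif not char.isspace():
                    after_equals = False
        # anything inside a literal, escaped quotes included, is a value: dropped
        prev = char
    return "".join(output)


def xor_result(dyn_sql: str, runtime_sql: str) -> int:
    """result = DYN_SQLi XOR f(runtime statement), byte by byte.
    0 means the two statements are identical (normal); anything else
    means the submitted data changed the statement's structure (abnormal)."""
    a = dyn_sql.encode()
    b = strip_attribute_values(runtime_sql).encode()
    if len(a) != len(b):
        return 1            # different lengths can never XOR to zero
    result = 0
    for x, y in zip(a, b):
        result |= x ^ y
    return result


class WebServerDetector:
    """Receiving + detection module: blacklist check first, then f/XOR."""

    def __init__(self, fixed_queries):
        # Static analysis: DYN_SQLi = f(FIX_SQLi) for each fixed statement.
        self.dyn_sql = {name: strip_attribute_values(q)
                        for name, q in fixed_queries.items()}
        self.blacklist = set()

    def check(self, client_ip: str, query_name: str, runtime_sql: str) -> str:
        if client_ip in self.blacklist:
            return "blocked"                           # all URLs forbidden
        if xor_result(self.dyn_sql[query_name], runtime_sql) == 0:
            return "allowed"
        self.blacklist.add(client_ip)                  # dynamic blacklist update
        return "blocked"


# Constructed sample data, modelled on the statements in the description.
FIX_SQL = "SELECT * FROM user WHERE userid='$id' AND pass='$password'"
NORMAL_SQL = "SELECT * FROM user WHERE userid='root' AND pass='admin'"
ABNORMAL_SQL = "SELECT * FROM user WHERE userid='1' or '1=1' --' AND pass='admin'"


def run_demo():
    """Three constructed requests; returns the decision for each."""
    detector = WebServerDetector({"login": FIX_SQL})
    requests = [("10.0.0.5", NORMAL_SQL),     # legitimate login
                ("10.0.0.9", ABNORMAL_SQL),   # quote-breaking input -> blacklisted
                ("10.0.0.9", NORMAL_SQL)]     # same IP, now refused outright
    return [detector.check(ip, "login", sql) for ip, sql in requests]


if __name__ == "__main__":
    print(strip_attribute_values(FIX_SQL))
    print(run_demo())
```

The third request shows the blacklist taking precedence: once an IP has produced an abnormal statement, its later requests are refused before f is ever run. Note that f only understands single-quoted literals and the digits-after-'=' form; a comparison on f's output therefore detects structural changes to the statement, not every possible anomaly.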
Finally, it should be noted that: it should be understood that the above examples are only for clearly illustrating the present application and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. And obvious variations or modifications of this type are intended to be covered by the present invention.

Claims (6)

1. A SQL injection detection method based on a C/S architecture is characterized in that:
receiving data submitted by a client;
executing SQL injection detection on the data at the WebServer end, checking a blacklist stored at the WebServer end, and judging whether the IP address of the user side webpage is in the blacklist;
if yes, access to all the requested URL addresses is prohibited;
if not, detecting data submitted by the client based on a preset SQL injection detection algorithm, wherein the preset SQL injection detection algorithm is a detection algorithm combining static analysis and dynamic analysis;
if the detection result is legal, allowing the website to be normally accessed;
if the detection result is illegal, forbidding access to all requested URL addresses, updating the blacklist at the WebServer end, and adding the IP address to the blacklist; detecting the data submitted by the client based on the preset SQL injection detection algorithm further comprises the following steps: defining a function f that deletes the attribute values of the SQL query statement in the data; if FQ is an SQL query statement, then FDQ = f(FQ) is the SQL query statement obtained from FQ by deleting the character string values after '=' or in parentheses;
detecting the data submitted by the client based on the preset SQL injection detection algorithm further comprises the following steps: while the Web application is running, traversing all fixed SQL query statements in the Web application, where for each fixed SQL query statement FIX_SQLi the following is done: apply f(FIX_SQLi) to obtain the corresponding dynamic SQL query statement DYN_SQLi;
the intermediate result is calculated according to the following formula:
result = FIX_SQLi ⊕ DYN_SQLi
where ⊕ is the exclusive-or operation;
and judging whether the intermediate result is zero: if the result is 0, the data is normal; otherwise, the data is abnormal.
2. The SQL injection detection method of claim 1, wherein deleting attribute values of SQL query statements in data further comprises:
defining a function DeleteFirst() that extracts and deletes the first character of the input SQL query statement and returns that character;
defining two state constants IS_START and IS_END, representing the start and end states of the "'" symbol in the SQL query statement;
defining an intermediate state variable Current_Status whose initial value is IS_END;
while the initial SQL query statement sql is not empty, performing the following operations in a loop:
step S1: let the temporary variable char = DeleteFirst(sql);
step S2: judge whether char is the "'" symbol; if yes, add char to the variable output to be output and execute step S3, then return to step S1; otherwise, execute step S4;
step S3: judge whether the character before char is a backslash "\"; if yes, set Current_Status = IS_START, and return to step S1;
step S4: judge whether Current_Status is equal to IS_END; if yes, add char to the variable output to be output and return to step S1; otherwise, execute step S5;
step S5: judge whether the character before char is a backslash "\"; if yes, add char to the variable output to be output;
after the loop ends, return the variable output as the SQL query statement with its attribute values deleted.
3. A device for the SQL injection detection method based on the C/S architecture of claim 1, characterized in that it comprises a receiving module and a detection module, wherein:
the receiving module is used for receiving data submitted by the client;
the detection module is positioned at the WebServer end and used for executing SQL injection detection on the data at the WebServer end;
the detection module comprises a blacklist judgment module and an SQL injection detection algorithm module, wherein the blacklist judgment module is used for checking a blacklist stored by the WebServer end, judging whether the IP address of a webpage of a user end is in the blacklist, and if so, forbidding to access all the requested URL addresses;
if not, detecting the data submitted by the client by the SQL injection detection algorithm module based on a preset SQL injection detection algorithm, wherein the preset SQL injection detection algorithm is a detection algorithm combining static analysis and dynamic analysis;
if the detection result is legal, allowing the website to be normally accessed;
and if the detection result is illegal, forbidding to access all the requested URL addresses, updating the blacklist of the WebServer end, and adding the IP address to the blacklist.
4. The SQL injection detection apparatus according to claim 3, wherein the detecting data submitted by the client based on the preset SQL injection detection algorithm further comprises:
defining a function f that deletes the attribute values of the SQL query statement in the data; if FQ is an SQL query, FDQ = f(FQ) denotes the SQL query obtained from FQ by deleting the string values after '=' or in parentheses.
5. The SQL injection detection apparatus according to claim 4, wherein the detecting data submitted by the client based on the preset SQL injection detection algorithm further comprises:
while the Web application is running, traversing all fixed SQL query statements in the Web application, where for each fixed SQL query statement FIX_SQLi the following is done: apply f(FIX_SQLi) to obtain the corresponding dynamic SQL query statement DYN_SQLi;
the intermediate result is calculated according to the following formula:
result = FIX_SQLi ⊕ DYN_SQLi
where ⊕ is the exclusive-or operation;
and judging whether the intermediate result is zero: if the result is 0, the data is normal; otherwise, the data is abnormal.
6. The SQL injection detection apparatus of claim 4, wherein the deleting the attribute values of the SQL query statement in the data further comprises:
defining a function DeleteFirst() that extracts and deletes the first character of the input SQL query statement and returns that character;
defining two state constants IS_START and IS_END, representing the start and end states of the "'" symbol in the SQL query statement;
defining an intermediate state variable Current_Status whose initial value is IS_END;
while the initial SQL query statement sql is not empty, performing the following operations in a loop:
step S1: let the temporary variable char = DeleteFirst(sql);
step S2: judge whether char is the "'" symbol; if yes, add char to the variable output to be output and execute step S3, then return to step S1; otherwise, execute step S4;
step S3: judge whether the character before char is a backslash "\"; if yes, set Current_Status = IS_START, and return to step S1;
step S4: judge whether Current_Status is equal to IS_END; if yes, add char to the variable output to be output and return to step S1; otherwise, execute step S5;
step S5: judge whether the character before char is a backslash "\"; if yes, add char to the variable output to be output;
after the loop ends, return the variable output as the SQL query statement with its attribute values deleted.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010662451.7A CN111832023B (en) 2020-07-10 2020-07-10 SQL injection detection method and device based on C/S architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010662451.7A CN111832023B (en) 2020-07-10 2020-07-10 SQL injection detection method and device based on C/S architecture

Publications (2)

Publication Number Publication Date
CN111832023A CN111832023A (en) 2020-10-27
CN111832023B true CN111832023B (en) 2021-04-27

Family

ID=72900414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010662451.7A Active CN111832023B (en) 2020-07-10 2020-07-10 SQL injection detection method and device based on C/S architecture

Country Status (1)

Country Link
CN (1) CN111832023B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110474888A (en) * 2019-07-26 2019-11-19 广东睿江云计算股份有限公司 A kind of free-standing sql injection defence analysis alarm method and its system based on php
CN110557404A (en) * 2019-09-27 2019-12-10 四川长虹电器股份有限公司 method for filtering SQL injection attack

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8225402B1 (en) * 2008-04-09 2012-07-17 Amir Averbuch Anomaly-based detection of SQL injection attacks
CN102682047A (en) * 2011-10-18 2012-09-19 国网电力科学研究院 Mixed structured query language (SQL) injection protection method
CN105704146A (en) * 2016-03-18 2016-06-22 四川长虹电器股份有限公司 System and method for SQL injection prevention
CN110647749A (en) * 2019-09-20 2020-01-03 湖南大学 Second-order SQL injection attack defense method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110474888A (en) * 2019-07-26 2019-11-19 广东睿江云计算股份有限公司 A kind of free-standing sql injection defence analysis alarm method and its system based on php
CN110557404A (en) * 2019-09-27 2019-12-10 四川长虹电器股份有限公司 method for filtering SQL injection attack

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Three defence techniques against SQL injection attacks; 李晓龙; 《万方数据库》 (Wanfang Data); 2013-08-13; pp. 18-21 *

Also Published As

Publication number Publication date
CN111832023A (en) 2020-10-27

Similar Documents

Publication Publication Date Title
US8800042B2 (en) Secure web application development and execution environment
KR101497742B1 (en) System and method for authentication, data transfer, and protection against phising
US8266700B2 (en) Secure web application development environment
US8640231B2 (en) Client side attack resistant phishing detection
US7613918B2 (en) System and method for enforcing a security context on a downloadable
JP5511097B2 (en) Intelligent hash for centrally detecting malware
US8051486B2 (en) Indicating SQL injection attack vulnerability with a stored value
Calzavara et al. Semantics-based analysis of content security policy deployment
CN111770104A (en) Web vulnerability detection method, system, terminal and computer readable storage medium
CN105404816A (en) Content-based vulnerability detection method and device
US8484232B2 (en) Method, computer arrangement, computer program and computer program product for checking for the presence of control statements in a data value
CN112738127B (en) Web-based website and host vulnerability detection system and method thereof
CN111832023B (en) SQL injection detection method and device based on C/S architecture
CN111814143B (en) Method and system for dynamically monitoring SQL injection
WO2020022456A1 (en) Information processing device, information processing method, and information processing program
Black et al. Software assurance tools: Web application security scanner functional specification version 1.0
Sheykhkanloo A pattern recognition neural network model for detection and classification of SQL injection attacks
AU2014200698B2 (en) A computer-implemented method for detecting domain injection or evasion
JP2019194832A (en) System and method for detecting changes in web resources
US20230036599A1 (en) System context database management
George et al. A proposed architecture for query anomaly detection and prevention against SQL injection attacks
Hildebrand Automated Scanning for Web Cache Poisoning Vulnerabilities
Strukov et al. Some Techniques of Detecting Web Applications Vulnerabilities
Aljamea et al. Effective Solutions for Most Common Vulnerabilities in Web Applications
CN117494136A (en) Vulnerability detection method and device of application software, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing

Applicant after: Beijing reliable spectrum cloud Technology Co.,Ltd.

Applicant after: Xiamen Biebeyun Co.,Ltd.

Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100

Applicant before: Xiamen Biebeyun Co.,Ltd.

Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd.

CB02 Change of applicant information
TA01 Transfer of patent application right

Effective date of registration: 20210413

Address after: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100

Applicant after: Xiamen Biebeyun Co.,Ltd.

Address before: Room 8329, 3rd floor, Chengbao Hotel, 6 xiaoyunli, Xiaoyun Road, Chaoyang District, Beijing

Applicant before: Beijing reliable spectrum cloud Technology Co.,Ltd.

Applicant before: Xiamen Biebeyun Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 361000 3F-A317, Zone C, Innovation Building, Software Park, Torch High tech Zone, Xiamen City, Fujian Province

Patentee after: Fujian Reliable Cloud Computing Technology Co.,Ltd.

Country or region after: China

Address before: 3f-a317, Zone C, innovation building, software park, torch hi tech Zone, Xiamen City, Fujian Province, 360100

Patentee before: Xiamen Biebeyun Co.,Ltd.

Country or region before: China