CN113343246B - Method and terminal for detecting database loopholes - Google Patents

Method and terminal for detecting database loopholes

Info

Publication number
CN113343246B
Authority
CN
China
Prior art keywords
database
vulnerability
detected
script library
result
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110591960.XA
Other languages
Chinese (zh)
Other versions
CN113343246A (en
Inventor
林富贵
叶贵明
邹新明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FUJIAN RONGJI SOFTWARE CO LTD
Original Assignee
FUJIAN RONGJI SOFTWARE CO LTD
Application filed by FUJIAN RONGJI SOFTWARE CO LTD filed Critical FUJIAN RONGJI SOFTWARE CO LTD
Priority to CN202110591960.XA priority Critical patent/CN113343246B/en
Publication of CN113343246A publication Critical patent/CN113343246A/en
Application granted granted Critical
Publication of CN113343246B publication Critical patent/CN113343246B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a method and a terminal for detecting database vulnerabilities. A database to be detected is determined according to an acquired database vulnerability detection request, and the corresponding database vulnerability script library is retrieved according to the database to be detected. After remotely logging in to the database to be detected, the statements in the script library are executed in sequence, and each execution result is judged against the rules of the script library; if it meets a vulnerability condition, the execution result is added to the vulnerability result. Because a remote database connection is used, the configuration file of the target host does not need to be occupied; database statements are executed while occupying only a connection interface of the target host, which avoids conditions such as denial of connection service and improves the safety of the database during detection. Executing database statements is also faster than executing scripts, which further improves the detection rate.

Description

Method and terminal for detecting database loopholes
Technical Field
The present invention relates to the field of database technologies, and in particular, to a method and a terminal for detecting a database vulnerability.
Background
Database vulnerability detection is mainly used to find known risks in a database. In the prior art, database vulnerabilities are generally detected using a configuration file: a script file is executed to perform detection modes such as remote privilege acquisition, remote information acquisition, remote command execution, remote data operation and denial-of-service attack.
However, using a script file to send instructions remotely and fetch the configuration file of the remote database program occupies the configuration file of the target host, so the database program on the target host cannot be used normally for a short time; detection is slow, and the safe and normal operation of the software may be affected.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method and a terminal for detecting database vulnerabilities that improve the speed and safety of database vulnerability detection.
To solve this technical problem, the invention adopts the following technical scheme:
a method for detecting database vulnerabilities, comprising the steps of:
acquiring a database vulnerability detection request, determining the database to be detected according to the database vulnerability detection request, and retrieving the corresponding script library according to the database to be detected;
remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the statements of the script library in the database to be detected, judging according to the rules of the script library whether each execution result meets a vulnerability condition, and if so, adding the execution result to the vulnerability result.
To solve this technical problem, the invention adopts another technical scheme:
a terminal for detecting database vulnerabilities, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
acquiring a database vulnerability detection request, determining the database to be detected according to the database vulnerability detection request, and retrieving the corresponding script library according to the database to be detected;
remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the statements of the script library in the database to be detected, judging according to the rules of the script library whether each execution result meets a vulnerability condition, and if so, adding the execution result to the vulnerability result.
The beneficial effects of the invention are as follows: the database to be detected is determined according to the acquired database vulnerability detection request, and the corresponding database vulnerability script library is retrieved according to the database to be detected. After remotely logging in to the database to be detected, the statements in the script library are executed in sequence, and each execution result is judged against the rules of the script library; if it meets a vulnerability condition, the execution result is added to the vulnerability result. Because a remote database connection is used, the configuration file of the target host does not need to be occupied; database statements are executed while occupying only a connection interface of the target host, which avoids conditions such as denial of connection service and improves the safety of the database during detection. Executing database statements is also faster than executing scripts, which further improves the detection rate.
Drawings
FIG. 1 is a flow chart of a method for detecting database vulnerabilities according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a terminal for detecting database vulnerabilities according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating steps of a method for detecting database vulnerabilities according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the login parameter input for a method for detecting database vulnerabilities according to an embodiment of the present invention.
Detailed Description
To describe the technical content, objects and effects of the present invention in detail, the following description refers to the embodiments together with the accompanying drawings.
Referring to FIG. 1, an embodiment of the present invention provides a method for detecting database vulnerabilities, including the steps of:
acquiring a database vulnerability detection request, determining the database to be detected according to the database vulnerability detection request, and retrieving the corresponding script library according to the database to be detected;
remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the statements of the script library in the database to be detected, judging according to the rules of the script library whether each execution result meets a vulnerability condition, and if so, adding the execution result to the vulnerability result.
From the above description, the beneficial effects of the invention are as follows: the database to be detected is determined according to the acquired database vulnerability detection request, and the corresponding database vulnerability script library is retrieved according to the database to be detected. After remotely logging in to the database to be detected, the statements in the script library are executed in sequence, and each execution result is judged against the rules of the script library; if it meets a vulnerability condition, the execution result is added to the vulnerability result. Because a remote database connection is used, the configuration file of the target host does not need to be occupied; database statements are executed while occupying only a connection interface of the target host, which avoids conditions such as denial of connection service and improves the safety of the database during detection. Executing database statements is also faster than executing scripts, which further improves the detection rate.
Further, before acquiring the database vulnerability detection request, the method includes:
obtaining the defects repaired in each updated version of a plurality of preset databases;
generating corresponding vulnerability detection information for each defect of each database, and collecting the vulnerability detection information of every database to obtain a vulnerability library.
As can be seen from the above description, a vulnerability library covering the preset databases is collected in advance, so that the vulnerability detection information for each vulnerability that a database may contain can be obtained from the vulnerability library, which facilitates subsequent vulnerability detection on the databases.
Further, retrieving the corresponding script library according to the database to be detected includes:
retrieving the corresponding script library from the vulnerability library according to the database type of the database to be detected.
As can be seen from the above description, the corresponding script library is fetched from the vulnerability library according to the database type of the database to be detected, so that the database to be detected can conveniently be checked against that script library.
Further, remotely logging in to the database to be detected according to the database vulnerability detection request and sequentially executing the statements of the script library in the database to be detected includes:
obtaining the login parameters in the database vulnerability detection request, and remotely connecting to the database to be detected according to the login parameters;
remotely executing the SQL statements or NoSQL statements of the script library in the database to be detected.
As can be seen from the above description, the database to be detected is logged in to remotely using the login parameters in the vulnerability detection request and the database statements are invoked remotely; checking the target host's database this way is faster than directly executing a script, which improves the speed of database vulnerability detection.
Further, judging according to the rules of the script library whether the execution result meets a vulnerability condition and, if so, adding the execution result to the vulnerability result includes:
matching the execution result against the rules of the script library;
judging whether the matching result meets the vulnerability condition; if so, adding the execution result to the vulnerability result, and if not, discarding the matching result.
As can be seen from the above description, the execution result of each script library statement is matched against the corresponding script library rule, and execution results that meet the vulnerability condition are added to the vulnerability result. This improves detection accuracy, and because the configuration file of the host where the database to be detected resides is not occupied during detection, the normal operation of the target host is not affected.
Referring to FIG. 2, another embodiment of the present invention provides a terminal for detecting database vulnerabilities, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
acquiring a database vulnerability detection request, determining the database to be detected according to the database vulnerability detection request, and retrieving the corresponding script library according to the database to be detected;
remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the statements of the script library in the database to be detected, judging according to the rules of the script library whether each execution result meets a vulnerability condition, and if so, adding the execution result to the vulnerability result.
As can be seen from the above description, the database to be detected is determined according to the acquired database vulnerability detection request, and the corresponding database vulnerability script library is retrieved according to the database to be detected. After remotely logging in to the database to be detected, the statements in the script library are executed in sequence, and each execution result is judged against the rules of the script library; if it meets a vulnerability condition, the execution result is added to the vulnerability result. Because a remote database connection is used, the configuration file of the target host does not need to be occupied; database statements are executed while occupying only a connection interface of the target host, which avoids conditions such as denial of connection service and improves the safety of the database during detection. Executing database statements is also faster than executing scripts, which further improves the detection rate.
Further, before acquiring the database vulnerability detection request, the steps include:
obtaining the defects repaired in each updated version of a plurality of preset databases;
generating corresponding vulnerability detection information for each defect of each database, and collecting the vulnerability detection information of every database to obtain a vulnerability library.
As can be seen from the above description, a vulnerability library covering the preset databases is collected in advance, so that the vulnerability detection information for each vulnerability that a database may contain can be obtained from the vulnerability library, which facilitates subsequent vulnerability detection on the databases.
Further, retrieving the corresponding script library according to the database to be detected includes:
retrieving the corresponding script library from the vulnerability library according to the database type of the database to be detected.
As can be seen from the above description, the corresponding script library is fetched from the vulnerability library according to the database type of the database to be detected, so that the database to be detected can conveniently be checked against that script library.
Further, remotely logging in to the database to be detected according to the database vulnerability detection request and sequentially executing the statements of the script library in the database to be detected includes:
obtaining the login parameters in the database vulnerability detection request, and remotely connecting to the database to be detected according to the login parameters;
remotely executing the SQL statements or NoSQL statements of the script library in the database to be detected.
As can be seen from the above description, the database to be detected is logged in to remotely using the login parameters in the vulnerability detection request and the database statements are invoked remotely; checking the target host's database this way is faster than directly executing a script, which improves the speed of database vulnerability detection.
Further, judging according to the rules of the script library whether the execution result meets a vulnerability condition and, if so, adding the result to the vulnerability set includes:
matching the execution result against the rules of the script library;
judging whether the matching result meets the vulnerability condition; if so, adding the matched execution result to the vulnerability result, and if not, discarding the matching result.
As can be seen from the above description, the execution result of each script library statement is matched against the corresponding script library rule, and matching results that meet the vulnerability condition are added to the vulnerability result. This improves detection accuracy, and because the configuration file of the host where the database to be detected resides is not occupied during detection, the normal operation of the target host is not affected.
The method and terminal for detecting database vulnerabilities are suitable for detecting known vulnerabilities in mainstream databases and can improve the speed and safety of database vulnerability detection. They are described below through specific embodiments:
Example 1
Referring to FIG. 1 and FIG. 3, a method for detecting database vulnerabilities includes the steps of:
S1, acquiring a database vulnerability detection request, determining the database to be detected according to the database vulnerability detection request, and retrieving the corresponding script library according to the database to be detected.
Before acquiring the database vulnerability detection request, the method includes:
obtaining the defects repaired in each updated version of a plurality of preset databases;
generating corresponding vulnerability detection information for each defect of each database, and collecting the vulnerability detection information of every database to obtain a vulnerability library.
Specifically, in this embodiment, the vulnerability library must be collected before the database vulnerability detection request is acquired. Based on the defects repaired in each version update released by the database manufacturer, a script developer generates vulnerability detection information from the potentially dangerous execution statements. The vulnerability detection information includes a vulnerability name, a database type, a threat type, execution statements, a matching rule, and the like; the vulnerability detection information of the different databases is collected to form the vulnerability library.
Retrieving the corresponding script library according to the database to be detected includes:
retrieving the corresponding script library from the vulnerability library according to the database type of the database to be detected.
Specifically, in this embodiment, the database vulnerability detection request includes login parameters. Referring to FIG. 4, the user fills in the login parameters corresponding to the type of database being detected; the login parameters include the type of the database to be detected, the database user name, the database password, the database name and the port number.
The database to be detected can therefore be determined from the database vulnerability detection request, and the corresponding script library is retrieved from the vulnerability library according to the database so determined.
S2, remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the statements of the script library in the database to be detected, judging according to the rules of the script library whether each execution result meets a vulnerability condition, and if so, adding the execution result to the vulnerability result.
Remotely logging in to the database to be detected according to the database vulnerability detection request and sequentially executing the statements of the script library in the database to be detected includes:
obtaining the login parameters in the database vulnerability detection request, and remotely connecting to the database to be detected through JDBC (Java Database Connectivity) according to the login parameters;
remotely executing the SQL statements or NoSQL statements of the script library in the database to be detected.
Specifically, in this embodiment, a connection to the database to be detected is attempted using the login parameters in the database vulnerability detection request; if the login fails, login failure information is returned in the vulnerability result;
if the login succeeds, the database is configured, the execution scripts are loaded, and the corresponding rule base is matched according to the data type (single-field or multi-field data) returned after a script is executed, to obtain the vulnerability rule base;
an execution script library is generated according to the database type in the database vulnerability detection request, and each SQL statement or NoSQL statement in the script library is executed remotely over the existing connection.
Judging according to the rules of the script library whether the execution result meets a vulnerability condition and, if so, adding the execution result to the vulnerability result includes the following steps:
matching the execution result against the rules of the script library;
judging whether the matching result meets the vulnerability condition; if so, adding the execution result to the vulnerability result, and if not, discarding the matching result.
Specifically, the result of executing each SQL statement or NoSQL statement in the script library is matched against the rules of the script library. When the matching result does not meet the vulnerability condition, it is discarded; when it meets the vulnerability condition, the corresponding execution result is added to the vulnerability result. Once all statements in the script library have been executed, the vulnerability result is returned.
Therefore, in this embodiment, database statements are executed through a remote JDBC connection while occupying only a database connection of the target host under detection, so attacks such as denial of connection service are avoided and the safety of vulnerability detection is improved. Compared with using a script to determine the configuration file of the database, remotely invoking query statements is more accurate, and executing database statements is faster than executing a script file, which improves the vulnerability detection rate.
Example 2
This embodiment is a specific instance of the method for detecting database vulnerabilities:
First step: preparing the database script library, namely the vulnerability library:
A complete database script library is prepared; about 3000 script library entries have been collected so far, for example:
one script has script number 1848; the database type is Mysql; the execution statement is "show variables where variable_name = 'log_bin' and value = 'ON'"; the result data category is multiple records, multiple columns; the regular-expression rule is none; the matching condition is not null;
another script has script number 1849; the database type is Mysql; the execution statement is "select version()"; the result data category is single record, single column; the regular-expression rule is "[0-9]+(\.[0-9]+)?"; the matching condition is not null.
Second step: preparing the login parameters:
The database scan type is selected as Mysql, and the following are entered: user name root, password root, database name itop and port number 3306.
Third step: connecting to the database remotely:
It is judged whether a connection to the Mysql database can be established with the input parameters; if so, the next step continues; if it fails, scheduling of the vulnerability detection engine ends.
In this embodiment, the JDBC connection succeeds and the JDBC connection string is obtained.
Fourth step: loading the database script library:
Based on the Mysql database type selected by the user, the system loads the 933 Mysql scripts for execution by the engine.
Fifth step: executing SQL statements to detect database vulnerabilities:
The 933 script commands are executed one by one; after each successful execution, the result is returned for vulnerability verification, with the specific rules as follows:
5.1 Definition of vulnerability rules
For example, script number 1849 detects whether the Mysql version number is too low; its rule is 5.7 or more, and the regular-expression rule "[0-9]+(\.[0-9]+)?" extracts the first two components of the version number for comparison.
5.2 Remote execution of statements
Using the JDBC connection string, the statement select version() is executed.
5.3 Returning the execution result
After the statement in 5.2 is executed, single-row, single-column data is obtained: 5.6.6-m9.
Sixth step: checking the result against the rule base:
The query data is 5.6.6-m9; after it is processed according to the rule ([0-9]+(\.[0-9]+)?), the result is 5.6.
Seventh step: outputting the detected vulnerability result:
All 933 scripts are traversed, repeating the fifth and sixth steps, and finally the numbers of the scripts that do not comply with the rules are stored in the vulnerability result list, completing the detection of Mysql.
In this embodiment, executing 933 SQL scripts takes 8 seconds and detects 106 vulnerabilities in total, of which 11 are high-risk, 83 medium-risk and 12 low-risk; executing the 690 scripts remotely takes 127 seconds and detects 19 vulnerabilities in total, with 1 high-risk, 1 medium-risk and 1 low-risk; after verification through the official vulnerability certification website, the false-alarm rate of both modes is 0%, so the method of remotely executing query statements is better in terms of speed and accuracy.
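The fourth to seventh steps above, sketched as an added example in Python (not code from the patent, which connects through JDBC). The `Script` field names, the `min_version` encoding of the "5.7 or more" rule, the stand-in executor and its canned rows are assumptions constructed here; only the two script entries and the value 5.6.6-m9 come from the text.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Rows = Sequence[Sequence[str]]


@dataclass(frozen=True)
class Script:
    """One script-library entry (field names are assumptions, not the patent's)."""
    number: int
    db_type: str
    statement: str
    regex: Optional[str] = None                    # applied to row 0, column 0
    min_version: Optional[Tuple[int, int]] = None  # assumed form of "5.7 or more"


# The two entries quoted in the text; the rest of the library is not on the page.
SCRIPT_LIBRARY = [
    Script(1848, "Mysql",
           "show variables where variable_name = 'log_bin' and value = 'ON'"),
    Script(1849, "Mysql", "select version()",
           regex=r"[0-9]+(\.[0-9]+)?", min_version=(5, 7)),
]


def load_scripts(db_type: str) -> List[Script]:
    """Fourth step: select the scripts for the requested database type."""
    return [s for s in SCRIPT_LIBRARY if s.db_type.lower() == db_type.lower()]


def evaluate(script: Script, rows: Rows) -> Optional[str]:
    """Sixth step: return evidence if the result meets the vulnerability
    condition, otherwise None (the result is discarded)."""
    if not rows:                       # the "not null" condition is not met
        return None
    if script.regex is None:           # no regex: any returned row is a match
        return "; ".join(",".join(str(c) for c in row) for row in rows)
    match = re.match(script.regex, str(rows[0][0]))
    if match is None:
        return None
    if script.min_version is None:
        return match.group(0)
    # Compare as integer tuples: as strings "10.4" sorts before "5.7", and as
    # floats 5.10 is below 5.7, so either shortcut misjudges some versions.
    parts = match.group(0).split(".")
    found = (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0)
    return match.group(0) if found < script.min_version else None


def scan(db_type: str, execute: Callable[[str], Rows]):
    """Fifth to seventh steps: run every script and collect findings.
    Statements that fail are reported separately, never as findings."""
    findings, errors = [], []
    for script in load_scripts(db_type):
        try:
            rows = execute(script.statement)
        except Exception as exc:
            errors.append({"script": script.number, "error": str(exc)})
            continue
        evidence = evaluate(script, rows)
        if evidence is not None:
            findings.append({"script": script.number, "evidence": evidence})
    return findings, errors


def make_fake_executor(results: Dict[str, Rows]) -> Callable[[str], Rows]:
    """Constructed stand-in for the remote connection: returns canned rows."""
    def execute(statement: str) -> Rows:
        if statement not in results:
            raise RuntimeError("statement rejected by server")
        return results[statement]
    return execute


# Constructed sample results; 5.6.6-m9 is the value quoted in the text.
OLD_SERVER = {
    SCRIPT_LIBRARY[0].statement: [("log_bin", "ON")],
    SCRIPT_LIBRARY[1].statement: [("5.6.6-m9",)],
}
NEW_SERVER = {
    SCRIPT_LIBRARY[0].statement: [],
    SCRIPT_LIBRARY[1].statement: [("10.4.12-MariaDB",)],
}

if __name__ == "__main__":
    for name, canned in (("old", OLD_SERVER), ("new", NEW_SERVER)):
        print(name, scan("Mysql", make_fake_executor(canned)))
```

Keeping failed statements in a separate error list means a permission error or an unsupported statement is not mistaken for a clean result or for a vulnerability.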
Example 3
Referring to FIG. 2, a terminal for detecting database vulnerabilities includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method for detecting database vulnerabilities according to the first or second embodiment when executing the computer program.
In summary, according to the method and terminal for detecting database vulnerabilities provided by the invention, a vulnerability set for a plurality of preset databases is collected, the database to be detected is determined according to the acquired database vulnerability detection request, and the corresponding database vulnerability script library is retrieved according to the type of the database to be detected. After remotely logging in to the database to be detected, the statements in the script library are executed in sequence, each execution result is matched against the script library rules, and it is judged whether the matching result meets the vulnerability condition; if so, the execution result is added to the vulnerability result. Because a remote database connection is used, the configuration file of the target host does not need to be occupied; database statements are executed while occupying only a connection interface of the target host, which avoids conditions such as denial of connection service and improves the safety of the database during detection. Executing database statements is also faster than executing scripts, which further improves the detection rate.
The foregoing is only an embodiment of the present invention and does not limit its scope; all equivalent changes made using the specification and drawings of the present invention, or direct or indirect applications in related technical fields, are likewise included within the scope of the present invention.

Claims (6)

1. A method for detecting database vulnerabilities, comprising the steps of:
acquiring a database vulnerability detection request, determining a database to be detected according to the database vulnerability detection request, and calling a corresponding script library according to the database to be detected;
remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the SQL statements or NoSQL statements of the script library in the database to be detected, judging whether an execution result meets the vulnerability condition according to the rules of the script library, and if so, adding the execution result to a vulnerability result;
the step of obtaining the database vulnerability detection request comprises the following steps:
obtaining the defects repaired by each updated version of a plurality of preset databases;
generating corresponding vulnerability detection information according to each defect of each database, and collecting the vulnerability detection information of each database to obtain a vulnerability library;
the vulnerability detection information comprises a vulnerability name, a database type, a threat type, an execution statement and a matching rule;
obtaining the corresponding script library according to the database to be detected comprises the following steps:
and calling the script library corresponding to the vulnerability library according to the database type of the database to be detected.
2. The method according to claim 1, wherein remotely logging in to the database to be detected according to the database vulnerability detection request, and sequentially executing the statements of the script library in the database to be detected comprises:
obtaining login parameters in the database vulnerability detection request, and remotely connecting to the database to be detected according to the login parameters;
and remotely executing the SQL statements or the NoSQL statements of the script library in the database to be detected.
3. The method for detecting a database vulnerability according to claim 1, wherein determining whether an execution result meets a vulnerability condition according to rules of the script library, and if yes, adding the execution result to a vulnerability result comprises:
matching the execution result with the rule of the script library;
judging whether the matching result meets the vulnerability condition, if so, adding the execution result into the vulnerability result, and if not, discarding the matching result.
4. A terminal for detecting database vulnerabilities, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program when executed by the processor performs the steps of:
acquiring a database vulnerability detection request, determining a database to be detected according to the database vulnerability detection request, and acquiring a corresponding script library according to the database to be detected;
remotely logging in to the database to be detected according to the database vulnerability detection request, sequentially executing the SQL statements or NoSQL statements of the script library in the database to be detected, judging whether an execution result meets the vulnerability condition according to the rules of the script library, and if so, adding the execution result to a vulnerability result;
the step of obtaining the database vulnerability detection request comprises the following steps:
obtaining the defects repaired by each updated version of a plurality of preset databases;
generating corresponding vulnerability detection information according to each defect of each database, and collecting the vulnerability detection information of each database to obtain a vulnerability library;
the vulnerability detection information comprises a vulnerability name, a database type, a threat type, an execution statement and a matching rule;
obtaining the corresponding script library according to the database to be detected comprises the following steps:
and calling the script library corresponding to the vulnerability library according to the database type of the database to be detected.
5. The terminal for detecting a database vulnerability as recited in claim 4, wherein remotely logging in to the database to be detected according to the database vulnerability detection request, and sequentially executing the statements of the script library in the database to be detected comprises:
obtaining login parameters in the database vulnerability detection request, and remotely connecting to the database to be detected according to the login parameters;
and remotely executing the SQL statements or the NoSQL statements of the script library in the database to be detected.
6. The terminal for detecting a database vulnerability according to claim 4, wherein determining whether an execution result meets a vulnerability condition according to rules of the script library, and if yes, adding the execution result to a vulnerability result comprises:
matching the execution result with the rule of the script library;
judging whether the matching result meets the vulnerability condition, if so, adding the execution result into the vulnerability result, and if not, discarding the matching result.
CN202110591960.XA 2021-05-28 2021-05-28 Method and terminal for detecting database loopholes Active CN113343246B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110591960.XA CN113343246B (en) 2021-05-28 2021-05-28 Method and terminal for detecting database loopholes

Publications (2)

Publication Number Publication Date
CN113343246A CN113343246A (en) 2021-09-03
CN113343246B true CN113343246B (en) 2023-05-23

Family

ID=77471953

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110591960.XA Active CN113343246B (en) 2021-05-28 2021-05-28 Method and terminal for detecting database loopholes

Country Status (1)

Country Link
CN (1) CN113343246B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112738094A (en) * 2020-12-29 2021-04-30 国网山东省电力公司滨州供电公司 Expandable network security vulnerability monitoring method, system, terminal and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103530565A (en) * 2013-10-21 2014-01-22 北京锐安科技有限公司 Method and device for scanning website program bugs based on web
US11170113B2 (en) * 2017-01-04 2021-11-09 Checkmarx Ltd. Management of security vulnerabilities
CN107368582B (en) * 2017-07-21 2020-12-22 深信服科技股份有限公司 SQL statement detection method and system
CN112087462A (en) * 2020-09-11 2020-12-15 北京顶象技术有限公司 Vulnerability detection method and device of industrial control system
CN112818352B (en) * 2021-02-22 2022-05-10 北京安华金和科技有限公司 Database detection method and device, storage medium and electronic device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant