CN113660239A - SQL injection prevention system based on salting and front-end WAF protection coupling - Google Patents


Info

Publication number
CN113660239A
Authority
CN
China
Prior art keywords
waf
module
proxy server
salting
protection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110913144.6A
Other languages
Chinese (zh)
Inventor
郑超
黄园园
周建勋
孙彦斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongdian Jizhi Hainan Information Technology Co Ltd
Original Assignee
Zhongdian Jizhi Hainan Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an SQL injection prevention system based on salting and front-end WAF protection coupling. The system comprises a WAF module, an intermediate service module, a proxy server and a database; the output end of the WAF module is electrically connected with the input end of the intermediate service module; the intermediate service module comprises middleware and a network service. In this system, the proxy server feeds suspected SQL injection back to the front-end WAF, strengthening the defense capability of the WAF in real time, so that the next time the same attack is encountered the front-end protection can block it directly and the proxy server at the back end acts as the fallback in subsequent defense. Where the requirement on efficiency is high, the protection level of the proxy server can be changed by adjusting the salting frequency and the checking frequency, so that more protection tasks are handed to the front end and the back end serves as the fallback.

Description

SQL injection prevention system based on salting and front-end WAF protection coupling
Technical Field
The invention relates to the technical field of network security, in particular to an SQL injection prevention system based on salting and front-end WAF protection coupling.
Background
With the development of internet technology, databases have become a necessary component of web back ends, and attacks against databases emerge endlessly. Since malicious attackers first used SQL injection to attack web services 20 years ago, a large number of attack cases have occurred, bringing huge losses to internet service providers. A malicious attacker can easily construct an illegal SQL statement, splice it into legitimate input and have it transmitted to the back end, causing unexpected effects.
So far, protection against SQL injection has focused on blacklist and whitelist filtering, precompilation, protection using security frameworks and security functions, and WAF protection. With filtering, a filtering device is placed at the front end of the web page, and disallowed characters, such as the single quotation mark ' and keywords, are removed or escaped, so that most SQL injection can be prevented once strict character checks are carried out.
Precompilation: precompilation is a function provided by some databases. The keywords input at the front end are replaced with placeholders and the statement is compiled first, executing a precompilation function to generate the syntax tree to be executed; the front-end parameters are then imported and can be brought directly into execution without being compiled, so that the injection of malicious statements is prevented.
WAF protection: the WAF uses blacklists and whitelists and filters according to certain rules, but a malicious attacker can bypass the filtering by various means, such as wide-byte injection, second-order injection and injection after encoding. It is difficult to write perfect rules for a WAF; a whitelist restricts the input content and is not flexible enough in many scenarios, so business requirements cannot be met.
Precompilation: in theory precompilation can prevent injection one hundred percent, but it is not applicable in scenarios where table names and column names must be passed dynamically. For some older systems it is difficult to restructure the code to meet security standards, and using an additional system is much easier than changing the existing code.
Therefore, it is necessary to provide an SQL injection prevention system based on salting coupled with front-end WAF protection to solve the above technical problems.
Disclosure of Invention
The invention provides an SQL injection prevention system based on salting and front-end WAF protection coupling, which solves the problems that an old system cannot effectively prevent SQL injection and a WAF protection system cannot effectively obtain latest injection data.
In order to solve the technical problem, the SQL injection prevention system based on salting and front-end WAF protection coupling provided by the invention comprises a WAF module, an intermediate service module, a proxy server and a database; the output end of the WAF module is electrically connected with the input end of the intermediate service module; the intermediate service module comprises middleware and a network service and is used for salting the existing keywords of the statements transmitted from the front end; the input end of the proxy server is electrically connected with the output end of the intermediate service module, the proxy server comprises a feedback module and a desalting module, and the output end of the proxy server is connected with the input end of the WAF module; the input end of the database is connected with the output end of the proxy server.
Preferably, the firewall of the WAF module is connected to the client at the front end, and performs a filtering operation on the incoming parameters in advance when receiving the HTTP request.
Preferably, the intermediate service module receives the filtered request, and performs salting on the existing keywords to form a salted SQL statement.
Preferably, the proxy server identifies and distinguishes the salted SQL statements; after a suspected SQL statement has been desalted by the desalting module, it is transmitted to the front-end WAF module through the feedback module.
Preferably, the proxy server desalts the qualified statements to form standard SQL statements, and the standard SQL statements are transmitted to the back end of the database to be executed normally.
Preferably, the proxy server equipment needs to be installed on corresponding installation equipment when in use, the installation equipment comprises an installation box, an air inlet hole is formed in the installation box, an installation groove is formed in the outer surface of the installation box, and a cooling fan is arranged on one side of the installation box;
the rotating piece is rotatably arranged on the outer surface of the mounting box, and a rotating door is fixedly connected to the surface of the rotating piece;
the protective filter plate is movably arranged inside the mounting groove;
the surface of the adjusting motor is fixed on the surface of the rotating door, and the output end of the adjusting motor is fixedly connected with a screw rod;
the surface threads of the two moving frames are arranged on the surface of the screw rod;
the server body is arranged inside the movable frame;
the two groups of limiting slide bars are fixedly arranged on the inner side surface of the rotating door;
and the surface of the locking screw shaft is installed on the outer surface of the rotating door in a threaded manner.
Preferably, the inside of the air inlet hole is communicated with the inside of the installation box, and the inside of the air inlet hole is communicated with the inside of the installation groove.
Preferably, the protection filter plate is a moisture-resistant filter plate, the surface of the protection filter plate is in sliding connection with the inner surface of the mounting groove, and the size of the protection filter plate is matched with that of the air inlet hole.
Preferably, the surface of the screw rod is a reverse double-threaded rod, the surface of the screw rod is in threaded connection with the surface of the movable frame, and the surface of the movable frame is in sliding connection with the surface of the limiting sliding rod.
Preferably, a connecting groove is formed in the mounting box, and the surface of the locking screw shaft is in threaded connection with the inner surface of the connecting groove.
Compared with the related technology, the SQL injection prevention system based on salting and front-end WAF protection coupling provided by the invention has the following beneficial effects:
The invention provides an SQL injection prevention system based on salting and front-end WAF protection coupling. First, the salting operation between the front end and the database and the desalting operation of the proxy server ensure that an attacker cannot make effective use of any keyword other than the statement's existing keywords, so most SQL injection is avoided, and the method is highly efficient under ordinary conditions. Meanwhile, the proxy server can feed suspected SQL injection back to the front-end WAF, strengthening the defense capability of the WAF in real time, so that the next time the same attack is encountered the front-end protection can block it directly and the proxy server at the back end acts as the fallback in subsequent defense. Where the requirement on efficiency is high, the protection level of the proxy server can be changed by adjusting the salting frequency and the checking frequency, so that more protection tasks are handed to the front end and the back end serves as the fallback.
Drawings
FIG. 1 is a diagram of a defense model topology for an SQL injection prevention system based on salting and front-end WAF protection coupling provided by the present invention;
FIG. 2 is a topology diagram of the proxy server shown in FIG. 1;
FIG. 3 is a schematic structural diagram of a server installation device of the SQL injection prevention system based on salting coupled with front-end WAF protection according to the present invention;
FIG. 4 is a schematic view of the interior of the mounting box of FIG. 3;
fig. 5 is a schematic view of the structure of the intake vent portion shown in fig. 3.
Reference numbers in the figures:
1. installation box; 11. air inlet hole; 12. installation groove; 13. heat dissipation fan;
2. rotating member; 21. rotating door;
3. protective filter plate;
4. adjusting motor; 41. screw rod;
5. moving frame;
6. server body;
7. limiting slide bar;
8. locking screw shaft.
Detailed Description
The invention is further described with reference to the following figures and embodiments.
Please refer to FIG. 1, FIG. 2, FIG. 3, FIG. 4 and FIG. 5 in combination.
An SQL injection prevention system based on salting coupled with front-end WAF protection comprises:
the system comprises a WAF module, an intermediate service module, a proxy server and a database;
the output end of the WAF module is electrically connected with the input end of the intermediate service module;
the intermediate service module comprises middleware and network service and is used for carrying out salting operation on existing keywords of the statements transmitted from the front end;
the input end of the proxy server is electrically connected with the output end of the intermediate service module, the proxy server comprises a feedback module and a desalting module, and the output end of the proxy server is connected with the input end of the WAF module;
the input end of the database is connected with the output end of the proxy server.
The firewall of the WAF module is connected with the client at the front end and filters the incoming parameters in advance when an HTTP request is received.
The WAF firewall thus filters the incoming parameters at the front end in advance.
The intermediate service module receives the filtered request and salts the existing keywords to form a salted SQL statement.
The middleware service salts the existing keywords of the statement coming from the front end, such as select, update, quotation marks, and table and column names, for example by inserting a random number in the middle of the keyword. The random number is generated from the current time or a stock price. Provided the random number is sufficiently random:
if the data passed in through the front-end parameters contains keywords, those keywords are not randomized, so the problematic statement can be easily distinguished and marked when it reaches the proxy server.
After desalting, such a statement can be transmitted to the WAF module at the front end and added to the blacklist, so that the blacklist grows in real time;
on the other hand, if the statement has no problem, it becomes a standard SQL statement after desalting and is transmitted to the database back end to be executed normally.
The proxy server identifies and distinguishes the salted SQL statements; after a suspected SQL statement has been desalted by the desalting module, it is transmitted to the front-end WAF module through the feedback module.
The proxy server desalts the qualified statements to form standard SQL statements, which are transmitted to the database back end to be executed normally.
How often the salt is updated, and whether all statements are salted, can be configured.
A balance can thus be struck between query efficiency and security: as the collected attack data grows, the front-end blacklist can filter out most attacks, and the system runs more securely.
The back-end protection provides high-level defense and supplies real-time defense data to the front end to strengthen the front-end protection, making the system safer to use;
the proxy server and the middleware use salting and desalting to stop both known and unknown SQL injection, and can also effectively prevent attackers from breaking in by combining several techniques;
the proxy server does not occupy the original computing resources, has little influence on query efficiency, can adjust its protection capability in real time, and can balance efficiency and security.
By adding a proxy server between the web tier and the database, most SQL injection can be blocked with almost no effect on efficiency, and the defense results of the back end are fed back to the front end, strengthening the defense capability of the front end.
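The salting, desalting and feedback flow described above, as an added Python example that is not part of the patent text. The keyword list, the way quotation marks are salted, the `FrontWaf` class and its signature format are assumptions made for illustration, and the salt is drawn from the OS CSPRNG instead of the time or stock-price source the description mentions.

```python
import re
import secrets

# Assumed keyword list; the description names select and update as examples.
KEYWORDS = {"select", "update", "insert", "delete", "drop", "union",
            "from", "where", "set", "or", "and"}
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
MARK = "\x00"  # stand-in for a correctly salted quote while scanning


def new_salt() -> str:
    """8-digit salt from the OS CSPRNG (swapped in for time/stock price)."""
    return f"{secrets.randbelow(10**8):08d}"


def salt_word(word: str, salt: str) -> str:
    """Insert the salt in the middle of a keyword: select -> sel<salt>ect."""
    mid = len(word) // 2
    return word[:mid] + salt + word[mid:]


def unsalt_word(word: str, salt: str):
    """Return the plain keyword if `word` is a correctly salted keyword."""
    plain = word.replace(salt, "", 1)
    if plain.lower() in KEYWORDS and salt_word(plain, salt) == word:
        return plain
    return None


def salt_template(template: str, salt: str) -> str:
    """Middleware: salt the keywords and quotes of the trusted template
    before any request parameter is spliced into it."""
    salted = WORD.sub(
        lambda m: salt_word(m.group(0), salt)
        if m.group(0).lower() in KEYWORDS else m.group(0), template)
    return salted.replace("'", "'" + salt)


def inspect(statement: str, salt: str):
    """Proxy: desalt the statement and list every keyword or quote that
    arrived without the salt, i.e. that came from request data."""
    body = statement.replace("'" + salt, MARK)
    unsalted = ["'"] * body.count("'")

    def desalt(m):
        word = m.group(0)
        plain = unsalt_word(word, salt)
        if plain is None and word.lower() in KEYWORDS:
            unsalted.append(word)
        return plain or word

    desalted = WORD.sub(desalt, body).replace(MARK, "'")
    return desalted, unsalted


class FrontWaf:
    """Front-end filter whose blacklist the proxy can extend."""

    def __init__(self):
        self.blacklist = set()

    @staticmethod
    def _norm(value: str) -> str:
        return " ".join(value.lower().split())

    def allows(self, params: dict) -> bool:
        return all(self._norm(v) not in self.blacklist for v in params.values())

    def learn(self, params: dict, unsalted: list) -> None:
        """Feedback path: blacklist each parameter value that carried an
        unsalted token (assumed signature format)."""
        for value in params.values():
            if any(tok in value for tok in unsalted):
                self.blacklist.add(self._norm(value))


def handle(waf: FrontWaf, template: str, params: dict, execute) -> str:
    """WAF -> middleware (salt) -> proxy (check, desalt) -> database."""
    if not waf.allows(params):
        return "blocked-by-waf"
    salt = new_salt()  # fresh salt for every statement
    statement = salt_template(template, salt).format(**params)
    desalted, unsalted = inspect(statement, salt)
    if unsalted:
        waf.learn(params, unsalted)
        return "blocked-by-proxy"
    execute(desalted)
    return "executed"


if __name__ == "__main__":
    # Constructed query template and constructed request values.
    TEMPLATE = "SELECT id FROM users WHERE name = '{name}'"
    waf, executed = FrontWaf(), []
    for name in ("alice", "x' OR '1'='1", "x' OR '1'='1"):
        print(repr(name), "->",
              handle(waf, TEMPLATE, {"name": name}, executed.append))
    print(executed)
```

Under this scheme a benign value such as O'Brien is also flagged, because any unsalted quote or keyword in request data counts as suspect.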
The proxy server equipment is required to be installed on corresponding installation equipment when in use, the installation equipment comprises an installation box 1, an air inlet 11 is formed in the installation box 1, an installation groove 12 is formed in the outer surface of the installation box 1, and a cooling fan 13 is arranged on one side of the installation box 1; the rotating part 2 is rotatably arranged on the outer surface of the mounting box 1, and a rotating door 21 is fixedly connected to the surface of the rotating part 2; the protective filter plate 3 is movably arranged in the mounting groove 12; the surface of the adjusting motor 4 is fixed on the surface of the rotating door 21, and the output end of the adjusting motor 4 is fixedly connected with a screw rod 41; at least two moving frames 5, wherein the surface threads of the two moving frames 5 are arranged on the surface of the screw rod 41; a server body 6, wherein the server body 6 is installed inside the movable frame 5; the two groups of limiting slide bars 7 are fixedly arranged on the inner side surface of the rotating door 21; and a locking screw shaft 8, wherein the surface of the locking screw shaft 8 is installed on the outer surface of the rotating door 21 in a threaded manner.
The proxy server equipment is mounted in the moving frames 5. The two groups of moving frames 5 are symmetrically distributed and are mounted on the oppositely threaded sections of the screw rod 41, so that the distance between the two installed server bodies 6 can be conveniently adjusted and the heat generated by the two server bodies 6 does not affect each other because they are too close. The installation box 1 is also provided with the heat dissipation fan 13, which speeds up air circulation and heat dissipation for the server bodies 6 inside the installation box 1 by way of the air inlet hole 11.
A movably mounted protective filter plate 3 is provided on the outside of the air inlet hole 11 to filter the air drawn into the installation box 1, preventing dust and moisture from entering the installation box 1 and ensuring stable operation of the equipment; because the protective filter plate 3 is movably mounted, it is easy to install and remove.
The rotating door 21 can be conveniently rotated on the installation box 1 by means of the rotating member 2. When the rotating door 21 rotates, it carries the adjusting structure inside the installation box 1 and the server bodies 6 outward with it, which makes the server bodies 6 easy to install and remove, avoids the inconvenience caused by the narrow space inside the installation box 1, and facilitates operation and maintenance of the equipment;
to open the rotating door 21 outward, the locking screw shaft 8 is unscrewed. As the rotating door 21 rotates to the horizontal position on the rotating member 2, it carries the adjusting motor 4, the screw rod 41, the moving frames 5 and the server bodies 6 out of the installation box 1 with it. Once the rotating door 21 is fully open, the server bodies 6 are stably supported directly above the rotating door 21, and the equipment that needs overhaul and maintenance is fully exposed outside the installation box 1, clear of its narrow interior, which makes maintenance of the server bodies 6 and the electrical equipment connected to them more convenient.
When the adjusting motor 4 is used, the adjusting motor 4 is connected with an external power supply, and the adjusting motor 4 provides a power source for the screw rod 41.
Two sets of spacing slide bars 7 provide spacing for the lift adjustment of removing frame 5 to remove the surface sliding connection of frame 5 and spacing slide bar 7, provide stable support for the lift adjustment of removing frame 5.
The inside of the air inlet hole 11 and the inside of the installation case 1 communicate with each other, and the inside of the air inlet hole 11 and the inside of the installation groove 12 communicate with each other.
The inlet opening 11 is used for the input of heat transfer air, and mounting groove 12 is used for protecting the installation and the dismantlement of filter plate 3, can shelter from and protect inlet opening 11 after protecting filter plate 3 and installing the inside at mounting groove 12.
The protection filter plate 3 is a moisture-resistant filter plate, the surface of the protection filter plate 3 is in sliding connection with the inner surface of the mounting groove 12, and the size of the protection filter plate 3 is matched with that of the air inlet 11.
The protective filter plate 3 can be installed and detached according to the actual use requirement, and when the air needs to be subjected to dust filtration and moisture prevention, the protective filter plate 3 is installed inside the installation groove 12;
when dust and moisture protection is not needed, the protective filter plate 3 can be removed as required, so that the inside of the air inlet hole 11 communicates with the outside air.
The surface of the screw rod 41 is a reverse double-threaded rod, the surface of the screw rod 41 is in threaded connection with the surface of the movable frame 5, and the surface of the movable frame 5 is in sliding connection with the surface of the limiting slide rod 7.
The two groups of moving frames 5 are symmetrically mounted on the reverse double-threaded rod structure of the screw rod 41, so that the screw rod 41 drives the two groups of moving frames 5 toward or away from each other synchronously when it rotates;
when the screw rod 41 rotates forward, it drives the two groups of moving frames 5 toward each other, and the moving frames 5 in turn bring the server bodies 6 closer together, so that the position of the server bodies 6 can be conveniently adjusted;
when the screw rod 41 rotates in reverse, it drives the two groups of moving frames 5 away from each other, and the moving frames 5 in turn move the server bodies 6 apart, so that the position of the server bodies 6 can be conveniently adjusted.
The mounting box 1 is provided with a connecting groove, and the surface of the locking screw shaft 8 is in threaded connection with the inner surface of the connecting groove.
The installed swing door 21 is stably fixed on the surface of the installation box 1 by the locking screw shaft 8.
Compared with the related technology, the SQL injection prevention system based on salting and front-end WAF protection coupling provided by the invention has the following beneficial effects:
First, the salting operation between the front end and the database and the desalting operation of the proxy server ensure that an attacker cannot make effective use of any keyword other than the statement's existing keywords, so most SQL injection is avoided, and the method is highly efficient under ordinary conditions. Meanwhile, the proxy server can feed suspected SQL injection back to the front-end WAF, strengthening the defense capability of the WAF in real time, so that the next time the same attack is encountered the front-end protection can block it directly and the proxy server at the back end acts as the fallback in subsequent defense. Where the requirement on efficiency is high, the protection level of the proxy server can be changed by adjusting the salting frequency and the checking frequency, so that more protection tasks are handed to the front end and the back end serves as the fallback.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An SQL injection prevention system based on salting coupled with front-end WAF protection, comprising:
the system comprises a WAF module, an intermediate service module, a proxy server and a database;
the output end of the WAF module is electrically connected with the input end of the intermediate service module;
the intermediate service module comprises middleware and network service and is used for carrying out salting operation on existing keywords of the statements transmitted from the front end;
the input end of the proxy server is electrically connected with the output end of the intermediate service module, the proxy server comprises a feedback module and a desalting module, and the output end of the proxy server is connected with the input end of the WAF module;
the input end of the database is connected with the output end of the proxy server.
2. The system of claim 1, wherein a firewall of the WAF module is connected to a client at the front end and performs a filtering operation on incoming parameters in advance when receiving HTTP requests.
3. The system of claim 2, wherein the intermediary service module receives the filtered request and salts existing keywords to form a salted SQL statement.
4. The SQL injection prevention system based on salting and front-end WAF protection coupling of claim 3, wherein the proxy server identifies and distinguishes the salted SQL statements, and transmits the suspected SQL statements to the front-end WAF module under the feedback of the feedback module after the suspected SQL statements are desalted by the desalting module.
5. The system according to claim 3, wherein the proxy server performs desalting on the qualified statements to form standard SQL statements, and the standard SQL statements are transmitted to the back end of the database for normal execution.
6. The SQL injection prevention system based on salting and front-end WAF protection coupling of claim 1, wherein the proxy server device needs to be installed on corresponding installation equipment when in use, the installation equipment comprises an installation box, an air inlet hole is formed in the installation box, an installation groove is formed in the outer surface of the installation box, and a cooling fan is arranged on one side of the installation box;
the rotating piece is rotatably arranged on the outer surface of the mounting box, and a rotating door is fixedly connected to the surface of the rotating piece;
the protective filter plate is movably arranged inside the mounting groove;
the surface of the adjusting motor is fixed on the surface of the rotating door, and the output end of the adjusting motor is fixedly connected with a screw rod;
the surface threads of the two moving frames are arranged on the surface of the screw rod;
the server body is arranged inside the movable frame;
the two groups of limiting slide bars are fixedly arranged on the inner side surface of the rotating door;
and the surface of the locking screw shaft is installed on the outer surface of the rotating door in a threaded manner.
7. The system of claim 6, wherein the interior of the air inlet is in communication with the interior of the mounting box and the interior of the air inlet is in communication with the interior of the mounting slot.
8. The system of claim 6, wherein the protective filter is a moisture resistant filter, and the surface of the protective filter is slidably attached to the inner surface of the mounting groove, the protective filter having a size that fits the size of the air inlet opening.
9. The system of claim 6, wherein the surface of the lead screw is a reverse double threaded rod and is in threaded connection with the surface of the mobile frame, and the surface of the mobile frame is in sliding connection with the surface of the stop slide bar.
10. The system of claim 6, wherein the mounting box has a slot, and wherein the locking screw shaft has a surface that is threadably engaged with an inner surface of the slot.
CN202110913144.6A 2021-08-10 2021-08-10 SQL injection prevention system based on salting and front-end WAF protection coupling Pending CN113660239A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110913144.6A CN113660239A (en) 2021-08-10 2021-08-10 SQL injection prevention system based on salting and front-end WAF protection coupling

Publications (1)

Publication Number Publication Date
CN113660239A true CN113660239A (en) 2021-11-16

Family

ID=78479314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110913144.6A Pending CN113660239A (en) 2021-08-10 2021-08-10 SQL injection prevention system based on salting and front-end WAF protection coupling

Country Status (1)

Country Link
CN (1) CN113660239A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100199345A1 (en) * 2009-02-04 2010-08-05 Breach Security, Inc. Method and System for Providing Remote Protection of Web Servers
CN103338208A (en) * 2013-07-16 2013-10-02 五八同城信息技术有限公司 Method and system for SQL injection and defense
CN106355094A (en) * 2016-07-08 2017-01-25 耿童童 SQL (structured query language) injection attack defensive system and defensive method based on grammar transformation
CN107566363A (en) * 2017-08-30 2018-01-09 杭州安恒信息技术有限公司 A kind of SQL injection attack guarding method based on machine learning
CN107644175A (en) * 2017-09-13 2018-01-30 南京南瑞集团公司 A kind of method for preventing SQL injection
CN107682373A (en) * 2017-11-21 2018-02-09 中国电子科技集团公司第五十四研究所 A kind of SQL injection defence method based on SQL isomerization
CN110290148A (en) * 2019-07-16 2019-09-27 深圳乐信软件技术有限公司 A kind of defence method, device, server and the storage medium of WEB firewall
CN111221844A (en) * 2019-11-14 2020-06-02 广东电网有限责任公司信息中心 Web server protection method based on mimicry instruction set randomization and database proxy node
CN111695152A (en) * 2020-05-26 2020-09-22 东南大学 MySQL database protection method based on security agent

Similar Documents

Publication Publication Date Title
DE112012002624B4 (en) Regex compiler
Van Gundy et al. Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms.
US10122816B2 (en) HTTP proxy
US7761917B1 (en) Method and apparatus for the detection and prevention of intrusions, computer worms, and denial of service attacks
CN101022343B (en) Network invading detecting/resisting system and method
US20070022474A1 (en) Portable firewall
US9043895B2 (en) Reverse proxy database system and method
US20100325685A1 (en) Security Integration System and Device
CN103701783B (en) Preprocessing unit, data processing system consisting of same, and processing method
JP4774307B2 (en) Unauthorized access monitoring device and packet relay device
BRPI0415789A (en) method for managing application security with a security module
CN106576051B (en) It is a kind of to detect the method threatened for 1st, the network equipment, non-transitory machine-readable media
CN1885788A (en) Network safety protection method and system
CN1642097A (en) Journal accounting method and system
CN107122657B (en) Database agent device for defending SQL injection attack
US20060080637A1 (en) System and method for providing malware information for programmatic access
CN109698831A (en) Data prevention method and device
CN104702571A (en) Method for detecting intrusion of network data in Xen virtual environment
CN111880994A (en) Big data analysis device for information security operation and maintenance management
CN113660239A (en) SQL injection prevention system based on salting and front-end WAF protection coupling
CN111585956A (en) Website anti-brushing verification method and device
CN110245195B (en) Structured query language injection detection method and device based on honeypot system
CN106789892B (en) Universal method for defending distributed denial of service attack for cloud platform
KR100500589B1 (en) An apparatus and method for worm protection using pattern matching method based on a hardware system
Shanmughaneethi et al. SBSQLID: Securing web applications with service based SQL injection detection

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211116