Method for driving web application penetration testing by applying SGM-SQL (sage grant management-structured query language) injection model

A penetration testing and injection model technology, applied in software testing/debugging, instrumentation, electrical digital data processing, etc. It addresses problems such as the lack of generalization and the low accuracy of penetration testing, and improves the accuracy of penetration testing.

Inactive Publication Date: 2011-07-27
NANKAI UNIV +1

AI Technical Summary

Problems solved by technology

[0005] At present, the main problem of penetration testing of web applications is that the testing accuracy is not high.
This is caused by many reasons, such as the following research problems that need to be solved urgently: 1) the lack of research on the accurate definition and description of web application security vulnerabilities, resulting in the lack of criteria for accurately determining the existence of vulnerabilities in testing; 2) the use of security vulnerability penetration test cases Insuf


Examples

Embodiment 1

[0177] According to the method of the present invention, penetration testing is performed on the SQL injection security vulnerabilities of a web application, based on the instantiation result and test algorithm of the proposed formal expression system for penetration testing. Taking automatic penetration testing of web applications with SQL injection security vulnerabilities as an example, the specific implementation process is as follows.

[0178] 1. Develop an automatic web application security vulnerability penetration testing system.

[0179] In order to test the target web application, a system for security vulnerability penetration testing of the tested web application can be developed, adopting the general "crawling-injection-analysis" detection method used in security vulnerability penetration testing. The main structure of the automatic penetration testing system is recommended to include the following modules: crawling module, penetration testing module (including use case injec...

Abstract

The invention relates to a method for driving web application penetration testing by applying an SGM-SQL (sage grant management-structured query language) injection model. In the method, a web application penetration test framework driven by an SGM-SQL injection attack model is defined. By defining the SGM-SQL injection attack model in the framework and using it to guide the definition of a formal definition set of SQL injection security vulnerabilities and a formal description system of their penetration test cases, an accurate criterion for judging the existence of the security vulnerabilities and ordered, complete test cases are provided for penetration testing. An SQL injection security vulnerability penetration test algorithm driven by the SGM-SQL injection attack model is provided accordingly, thereby improving the accuracy of web application SQL injection security vulnerability penetration testing. Practice shows that the method is credible, systematic and complete, and can be applied in the field of web application security vulnerability penetration testing.

Description

[Technical field]

[0001] The invention belongs to the technical field of web application security vulnerability detection and model-based testing, and in particular relates to a method for modeling SQL injection attacks by using SGM and driving SQL injection security vulnerability penetration testing with the model.

[Background]

[0002] With the development of Internet technology, security vulnerabilities in web applications have increasingly become a significant Internet security problem. One of the most harmful is the SQL injection vulnerability. SQL injection is a type of security vulnerability that is not difficult to exploit but has serious consequences and wide impact, and it deserves attention and study.

[0003] Software security testing is an effective way to detect whether there are security vulnerabilities in web applications. Currently, the testing of web application security vulnerabilities m...

Application Information

IPC(8): G06F21/00; G06F11/36; G06F21/57
Inventor: 许静田伟练坤梅张莹刘磊张天华
Owner: NANKAI UNIV