Method for SQL injection vulnerability discovery based on simulated attack extension

A technology for simulating attacks and exploiting vulnerabilities, applied in electrical components, transmission systems, etc. It can solve problems such as insecure web sites, insecure web server programs, and web application programs that contain vulnerabilities, achieving a high detection rate, good stability, and coverage.

Active Publication Date: 2014-05-07
JINHUA BIQI NETWORK TECH

AI Technical Summary

Problems solved by technology

SQL injection attacks on web applications are mainly caused by the following three aspects: (1) The web server program is not safe. If the web server itself has vulnerabilities such as buffer overflow, then the entire web site has no security at all.
(2) The web application con

Embodiment Construction

[0019] The invention provides a more comprehensive scheme for scanning server-side code for vulnerabilities, based on simulated attack extension. During SQL injection vulnerability scanning, the scheme maintains an initial set of simulated attack cases. Each element of the set is a SQL injection attack case, and the set can contain a SQL injection subset and the injection use cases in that subset. When a web page with an injection point is scanned, the simulated attack case set is traversed and an injection test is performed against the page's injection point for each case. If the injection succeeds, the server has a SQL injection vulnerability and no security verification mechanism is deployed. If the injection fails, the automatic expansion rules expand the original simulated attack cases, and the injection tests are performed again. If the injection of the extended use cases is successful, it means that there are vulnerabilities in the server, and th...
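The scan loop described in [0019], as an added example that is not code from the patent: it runs against three hypothetical handlers backed by an in-memory SQLite database, the way a developer would regression-test their own query code. The handlers, the single base case, the case-variation expansion rule and the result labels are assumptions; the page does not list the patent's actual cases or rules.

```python
import sqlite3

def make_db():
    # Constructed test data: one row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

# Hypothetical server-side handlers under test.
def handler_unfiltered(db, name):
    # Query built by string concatenation, no input validation.
    sql = "SELECT secret FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchall()

def handler_blacklist(db, name):
    # Weak verification: case-sensitive keyword blacklist, same query.
    if " OR " in name or " or " in name:
        return []
    return handler_unfiltered(db, name)

def handler_parameterized(db, name):
    # Hardened form: the input is bound as data, never parsed as SQL.
    return db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()

# Initial simulated attack case set (assumed; one textbook case).
BASE_CASES = ["nobody' OR '1'='1"]

def extend(case):
    # Assumed expansion rule: vary the keyword's letter case.
    return [case.replace(" OR ", " oR ")]

def injected(handler, db, case):
    # No user is named "nobody", so any returned row means the
    # input changed the structure of the query.
    try:
        return len(handler(db, case)) > 0
    except sqlite3.Error:
        return False

def classify(handler):
    db = make_db()
    if any(injected(handler, db, c) for c in BASE_CASES):
        return "vulnerable, no verification"
    extended = [e for c in BASE_CASES for e in extend(c)]
    if any(injected(handler, db, e) for e in extended):
        return "vulnerable, verification bypassed"
    return "no finding"
```

Only the parameterized handler comes back with no finding; the blacklist handler fails as soon as the case set is extended, which is the gap the extension step is meant to expose.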


Abstract

The invention discloses a method for SQL injection vulnerability discovery based on simulated attack extension. The method extends simulated SQL injection attack cases so that they can be used to discover coding vulnerabilities on the server side and vulnerabilities in the security verification mechanism that guards against SQL injection. The method has simple equipment requirements and a high server vulnerability discovery rate, and it remains stable when applied to servers of different types and when scanning under security mechanisms of different levels.

Description

Technical field

[0001] The invention relates to the fields of information security and web page architecture, in particular to a method for scanning SQL injection vulnerabilities based on simulated attack extension.

Background technique

[0002] As web applications become more and more widespread, SQL injection attacks have become one of the common means used by hackers to attack databases, and one of the biggest security vulnerability problems in network security. SQL injection is one of the mainstream web attack methods at present. SQL injection attacks on web applications are mainly caused by the following three aspects: (1) The web server program is not safe. If the web server itself has vulnerabilities such as buffer overflow, then the entire web site has no security at all. (2) The web application contains vulnerabilities. If the website programmers are inexperienced and do not filter and limit the parameters submitted by t...


Application Information

IPC IPC(8): H04L29/06
Inventor 池水明周苏杭陈勤孙斌张旻方晓波
Owner JINHUA BIQI NETWORK TECH