Detection method and detection system for SQL injection attack

Abstract

The invention discloses a detection method and a detection system for SQL (Structured Query Language) injection attack. The detection method and the detection system are used for increasing the accuracy of vulnerability detection for SQL injection attack and assisting the website in finding the true SQL injection vulnerability. The detection method for SQL injection attack comprises the following steps of: detecting a dangerous attack HTTP (Hyper Text Transfer Protocol) request and/or safe attack HTTP request contained in an HTTP request, for the HTTP request sent to a server by a request terminal; sending the detected safe attack HTTP request to the server and intercepting the detected dangerous attack HTTP request; for an HTTP response corresponding to the HTTP request containing the safe attack HTTP request returned to the request terminal by the server, confirming the existence of the SQL injection vulnerability if detecting the preset first feature information contained in the HTTP response.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a SQL injection attack detection method and system. Background technique [0002] SQL (Structured Query Language, Structured Query Language) injection attack refers to the construction of special input as parameters into the Web application, and these inputs are mostly some combinations in the SQL syntax, by executing the SQL statement to execute the attacker's desired The main reason is that the program does not carefully filter the data entered by the user, resulting in illegal data intrusion into the system. [0003] The current defense algorithms against SQL injection are mainly based on rules and semantic analysis. The rules mainly use regular matching to filter the input parameters for each SQL injection rule. Semantic analysis is mainly based on the compiling principle. It performs semantic analysis on HTTP (HyperText Transfer Protocol, Hypertext Transfer Pr...

AI Technical Summary

Problems solved by technology

[0004] The above two methods are based on the detection of HTTP requests. The obvious defect brought about by this is that the judgment of SQL injection attacks is based on theory and has not been tested in practice, which will cause more false positives.

There are at least two adverse effects: one is that the website itself has no loopholes, but the protection product generates a bunch of attack logs, which customers cannot read, and the value of the product is not strong; the other is that the website itself has loopholes, but because Attacks are blocked by protection products, and website administrators cannot know the SQL injection attack vulnerabilities that exist on the website. Once the protection products fail or there are new 0-day (cracked) vulnerabilities that bypass the protection products, the website security will be seriously threatened

Images