
A SQL injection detection method and device

A time-duration-based detection method and technology, applied in the field of network security, which addresses the false positives, false negatives and low detection accuracy of prior-art methods and achieves accurate response-time measurement, improved accuracy, and reduced false positives and false negatives.

Active Publication Date: 2019-11-19
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present application provides a SQL injection detection method and device, which are used to solve the problems of low detection accuracy, false negatives and false positives in the prior art.



Examples


Embodiment 1

[0036] As shown in Figure 1, which is a schematic flow chart of the method provided in the embodiment of the present application, the method includes the following steps:

[0037] Step 101: Inject a delay injection command into at least one HTTP request to obtain a delayed HTTP request, and send the delayed HTTP request to the server.

[0038] Here, the delay injection command either records the delay time to be executed (that is, it directly records the value of the delay time) or records an impact factor representing the number of repeated executions of a characteristic expression (that is, it indirectly indicates the value of the delay time).

[0039] In the mode of indirectly indicating the value of the delay time, when the delay injection command is injected into at least one HTTP request, only the impact factor for the number of repeated executions needs to be set. The impact factor is then multiplied by a set coefficient to obtain the number of r...

Embodiment 2

[0104] To facilitate a further understanding of the SQL injection detection method provided in the present application, the embodiment of the present application describes the method further. As shown in Figure 2, it includes the following steps:

[0105] Step 201: Inject the delay injection command into at least two HTTP requests to obtain delayed HTTP requests, and send them to the server; the delay time in the delay injection command of at least one delayed HTTP request differs from the delay time in the delay injection commands of the other delayed HTTP requests.

[0106] Step 202: For each delayed HTTP request, disconnect the connection as soon as the response data for that delayed HTTP request starts to be received.

[0107] Step 203: For each delayed HTTP request, read from the processing record for that delayed HTTP request the field value of the specified field as the specified duration of the delayed HTTP request, a...
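As an added illustration (not code from the patent or from NSFOCUS), the timing and decision logic behind Step 101 and Steps 201-203 in Python: the specified duration is measured only from successful TCP establishment to the first response byte, and in the two-request variant the difference between measured durations is compared against the difference between the injected delays so that a uniformly slow network does not produce a false positive. The dataclass, function names, tolerance values and sample timestamps are all assumptions constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class DelayedRequestTiming:
    """Timestamps (seconds) observed for one delayed HTTP request (constructed values)."""
    injected_delay: float     # delay time the injected command asks the server to execute
    dns_start: float          # domain name resolution begins (deliberately not used below)
    tcp_established: float    # TCP connection successfully established
    first_byte: float         # response data starts to arrive; the connection is closed here

    def specified_duration(self) -> float:
        # Only the span from successful TCP establishment to the first response byte counts.
        # DNS lookup and handshake time are excluded, and because the connection is dropped
        # at the first byte, the size of the response body never influences the measurement.
        return self.first_byte - self.tcp_established


def single_request_verdict(timing: DelayedRequestTiming, preset_duration: float,
                           tolerance: float) -> bool:
    # Embodiment 1: one delayed request, compared against a preset (expected) duration.
    return timing.specified_duration() >= preset_duration - tolerance


def paired_verdict(timings: list, tolerance: float) -> bool:
    # Embodiment 2: at least two requests whose injected delays differ. If the delay
    # command is really executed, measured durations track the injected delays, so the
    # differences between requests should match; a uniformly slow network shifts every
    # measurement by roughly the same offset, which cancels out in the difference.
    if len(timings) < 2 or len({t.injected_delay for t in timings}) < 2:
        raise ValueError("need at least two requests with different injected delays")
    base = min(timings, key=lambda t: t.injected_delay)
    for t in timings:
        if t is base:
            continue
        expected = t.injected_delay - base.injected_delay
        observed = t.specified_duration() - base.specified_duration()
        if abs(observed - expected) > tolerance:
            return False
    return True


# Constructed sample timings (not real measurements). In NOT_VULNERABLE both requests are
# slow by about 2 s, simulating a network slowdown that has nothing to do with the delay.
VULNERABLE = [
    DelayedRequestTiming(0.0, 0.00, 0.10, 0.40),
    DelayedRequestTiming(5.0, 0.00, 0.12, 5.45),
]
NOT_VULNERABLE = [
    DelayedRequestTiming(0.0, 0.00, 0.10, 2.40),
    DelayedRequestTiming(5.0, 0.00, 0.11, 2.50),
]
```

Note that a single-request check with a 5 s preset would correctly reject NOT_VULNERABLE here, but a 2 s network slowdown against a 2 s preset would not; the paired comparison is what removes that sensitivity.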

Embodiment 3

[0120] Based on the same inventive concept, the embodiment of the present application also provides a SQL injection detection device. The SQL injection detection principle of the device is similar to that of the SQL injection detection method above; for details, refer to the description of the method, which is not repeated here.

[0121] As shown in Figure 3, which is a structural representation of this device, the device comprises:

[0122] Delay injection command injection module 301: for injecting a delay injection command into at least one HTTP request to obtain a delayed HTTP request and sending it to the server.

[0123] Specified duration determination module 302: for each delayed HTTP request, determining the specified duration for that delayed HTTP request; wherein the specified duration refers to the period from the beginning of domain name resolution, or from the establishment of the TCP connection, to the ...


Abstract

The invention discloses an SQL (Structured Query Language) injection detection method and device. The SQL injection detection method comprises the following steps: injecting a delay injection command into at least one HTTP (Hypertext Transfer Protocol) request to obtain a delayed HTTP request, and sending the delayed HTTP request to a server side; for each delayed HTTP request, determining a partial duration within the period from domain name resolution, or from establishment of the TCP (Transmission Control Protocol) connection, to the start of receiving response data, wherein the partial duration comprises the duration from successful establishment of the TCP connection to the start of receiving the response data; and determining whether an injection vulnerability exists according to the determined specified duration and a preset duration. According to the SQL injection detection method disclosed by the invention, the accuracy of SQL injection detection can be improved. If the end point of the specified duration is the moment at which response data starts to be received, the connection can be closed at that point, which alleviates the problem that a valid response time cannot be obtained under high concurrency, avoids timeouts caused by overly large response files, and avoids false positives and false negatives caused by network variation.

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a SQL injection detection method and device.

Background technique

[0002] A SQL (Structured Query Language) injection vulnerability is a common vulnerability in web application security. In practical applications, a SQL injection detection method is itself a SQL injection attack method: the target server is attacked using a set SQL injection attack method, and whether a SQL injection vulnerability exists is determined from the feedback of the target server.

[0003] In the prior art, multiple HTTP (Hypertext Transfer Protocol) requests carrying SQL injection commands are used to detect time-based SQL injection vulnerabilities. Moreover, for the HTTP request used to detect vulnerabilities, timing usually starts from the resolution of the domain name (DNS, Domain Name ...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06
CPC: H04L63/1416; H04L63/1466
Inventors: 符春辉, 田杰, 刘璐, 周黎, 张鑫, 赵一民
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD