Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

SQL injection vulnerability automatic detection platform and method based on adaptive random test

A technology of random testing and automatic detection, applied in the field of information security, can solve the problems of high cost of running test cases, sparse effective test cases, and large test case space, so as to enhance flexibility and usability, improve test methods, and improve test efficiency Effect

Active Publication Date: 2017-11-21
INST OF SOFTWARE - CHINESE ACAD OF SCI
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Although this method can effectively find the loopholes in the application, this method has some relatively large challenges in practical application: (1) the test case space is huge, (2) the effective test cases are sparse, (3) Test cases are expensive to run
Since there are many types of Sql injection vulnerabilities, user input cannot be expected. During the testing process, in order to find software vulnerabilities more effectively and comprehensively, it is usually necessary to generate a large number of test cases. Among these test cases, the test cases that can effectively trigger vulnerabilities are very Therefore, it will take a lot of time to detect whether there are vulnerabilities in the application by executing the test cases one by one with the ordinary fuzzing method.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection vulnerability automatic detection platform and method based on adaptive random test
  • SQL injection vulnerability automatic detection platform and method based on adaptive random test
  • SQL injection vulnerability automatic detection platform and method based on adaptive random test

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] Such as figure 1 As shown, the platform of the present invention is based on the Ubuntu 14.10 operating system, by initializing the test case, analyzing and extracting the test case feature vector, and carrying out vectorized representation of the test case, using HTTP request to send the test case to the test target, and recording the test case According to the response of the target, it is judged whether the Sql injection vulnerability is found according to the response, the distance between the test cases is calculated, and the test case for the next test is adaptively selected. More specifically, it includes the following modules: test case initialization module, test case feature extraction module, test case self-adaptive selection module, test case test module and so on.

[0026] (1) Initialize the test cases added by user-defined or predefined by the detection platform, and mutate the test cases according to the predefined rules. The test cases added by the user...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an SQL (Structured Query Language) injection vulnerability automatic detection platform and method based on self-adaptive random test. The detection platform runs on a Ubuntu 14.10 operating system. According to the detection platform, test cases are initialized; feature vectors of the test cases are analyzed and extracted; the test cases are subjected to vectorization representation; the test cases are sent to a test target by using an HTTP (Hyper Text Transport Protocol) request; a response of the test target is recorded; according to the response, whether an SQL injection vulnerability is found is determined; distances between the test cases are calculated; test cases for carrying out test next time are adaptively selected. The detection platform creatively proposes to use a self-adaptive random test method, and supports to rapidly and automatically detect the target in a customized mode; on the basis of arranging the rich test cases in the platform, users can add test cases according to use demands of the users, and the platform can automatically complete initialization, variation, feature extraction and calculation on the test cases, so that the optimal test effect is achieved.

Description

technical field [0001] The invention relates to a Sql injection vulnerability automatic detection platform and method based on self-adaptive random testing, belonging to the technical field of information security. Background technique [0002] Sql (database) injection vulnerability is a common vulnerability in web applications. Due to the incomplete verification of user input by the application, malicious statements illegally entered by users are correctly executed in the database, exposing database information. According to the survey report of the Open Web Application Project, injection vulnerabilities have been ranked among the top 10 most harmful web security vulnerabilities for many years. Due to the harmfulness and pervasiveness of Sql injection vulnerabilities, many researchers have proposed various models and methods for detection and prevention of such security vulnerabilities. Currently commonly used methods are mainly through static analysis, user input filterin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3684G06F11/3688G06F21/577
Inventor 张东红张震宇汪诚弘
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com