SQL statement detection method and system

A statement and technology to be detected, applied in the field of data security, can solve problems such as low detection efficiency and inability to expand the detection range, and achieve the effect of improving efficiency and good scalability

Active Publication Date: 2017-11-21
SANGFOR TECH INC
View PDF8 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For each dangerous statement, construct a detection rule, that is, a security rule, to detect and identify SQL statements that are the same as or similar to the dangerous statement, and run different security rules in sequence to analyze and identify each SQL statement separately. When the development of the plug-in is completed, its detection function is solidified. It can only detect SQL statements that are the same as or similar to the preset dangerous statements, and its detection range cannot be expanded. In addition, when there are many security rule plug-ins that need to be run, each security rule Plug-ins need to parse and identify all SQL statements, repeated parsing of SQL statements will make the detection efficiency low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL statement detection method and system
  • SQL statement detection method and system
  • SQL statement detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] The embodiment of the present invention provides a method and system for detecting SQL statements, which are used for rapidly expanding the adaptability of the detection range, and efficiently detecting and defending database security vulnerabilities.

[0045] In the embodiment of the present invention, firstly, the feature information of each statement in the SQL statement is uniformly analyzed through the analysis module, and each plug-in does not need to repeatedly analyze the SQL statement, which improves the detection efficiency, and then the security rule plug-in extracts Match the feature information to obtain the security rule ID corresponding to the successfully matched security rule, and finally take corresponding actions according to the matching result of the rule ID. Since the security rule plug-in executes the corresponding security rules according to the loaded configuration file, when the detection requirements change with the change of the attack method,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

Embodiments of the invention provide an SQL statement detection method and system, and aims at rapidly and efficiently detecting and defensing database security holes. The method comprises the following steps of: extracting feature information of each statement from to-be-detected structured query language SQL statements by an analysis module; loading a configuration file by a safety regulation plugin, matching the feature information according to corresponding safety regulations in the configuration file, and determining safety regulation IDs of the successfully matched safety regulations according to the matching result, wherein the safety regulations correspond to at least one safety regulation ID; and carrying out statistics on the successfully matched safety regulation IDs by a strategy matching module and executing preset safety strategies corresponding to the safety regulation IDs.

Description

technical field [0001] The invention relates to the field of data security, in particular to a SQL statement detection method and system. Background technique [0002] As a very important storage tool, databases often store a large amount of valuable or sensitive information, including financial, intellectual property, corporate data, etc. Network hackers will use various channels to obtain what they want information. Therefore, ensuring database security becomes particularly important. There are many means for network hackers to obtain information, such as SQL injection, which will take advantage of the loopholes in website construction to construct some special SQL statements to obtain information illegally. [0003] Each dangerous behavior corresponds to a SQL feature. In the prior art, dangerous behaviors are identified by identifying SQL features. For example, select * from a into outfile "D: / test.txt", the data in data table a can be exported to "D: / test.txt", caus...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30G06F21/55
CPCG06F21/55G06F16/2448
Inventor 陈诗礼
Owner SANGFOR TECH INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap