Injection vulnerability detection method and device

A vulnerability detection technology, applied in the computer field, that addresses the problems of high task-processing pressure on business servers, low detection efficiency and occupied transmission bandwidth, and achieves the effect of solving low detection efficiency, reducing task-processing pressure, and avoiding consumption

Active Publication Date: 2018-10-16
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

However, although the above method can accurately detect injection vulnerabilities, it needs to initiate thousands or even more web page access requests to the business server, which will not only consume a lot of time and occupy a lot of tr



Embodiment Construction

[0033] Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with aspects of the invention as recited in the appended claims.

[0034] As mentioned above, an injection vulnerability is caused by parameter injection: during a query against the business database, parameters are injected into the query, so the executed database statement generated during the query may not conform to the grammatical rules.

[0035] For example, when there is no injection vulnerability in the webpage requested by the ...


Abstract

The invention relates to an injection vulnerability detection method and device. The injection vulnerability detection method comprises the following steps: receiving a webpage access request initiated by an application according to a parameter carrying a detection mark, wherein the webpage access request indicates the webpage the application requests to access; responding to the webpage access request by performing an injection query on a service database according to the parameter carrying the detection mark; monitoring the query process of the service database and acquiring the executed database statement generated during the query process; and performing grammatical analysis on the executed database statement that includes the detection mark, obtaining a detection result indicating whether the webpage has an injection vulnerability. The injection vulnerability detection method and device provided by the invention solve the problem of low efficiency of injection vulnerability detection in the prior art.
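The flow in the abstract, sketched as an added example (not code from the patent or its owner): one marked request is sent, the statement handed to the database is recorded, and only statements containing the mark are checked. The mark value, the `MonitoredDB` wrapper, the three page handlers and the reduction of "grammatical analysis" to a string-literal balance check are all assumptions made for illustration.

```python
import sqlite3

MARK = "ivdmark'"  # constructed detection mark; the trailing quote is an assumption

class MonitoredDB:
    """Hypothetical wrapper that records every statement sent to the database."""
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
        self.executed = []

    def query(self, sql, params=()):
        self.executed.append(sql)  # monitoring point: statement text as executed
        try:
            return self.conn.execute(sql, params).fetchall()
        except sqlite3.Error:
            return []  # detection does not depend on the page's response

def literals_balanced(sql):
    """Minimal grammar check: every '...' literal is closed ('' is an escaped quote)."""
    in_str, i = False, 0
    while i < len(sql):
        if sql[i] == "'":
            if in_str and sql[i + 1:i + 2] == "'":
                i += 1  # skip the second quote of an escaped pair
            else:
                in_str = not in_str
        i += 1
    return not in_str

# Three constructed page handlers that answer the same request.
def page_concat(db, name):   # parameter pasted into the statement
    return db.query("SELECT id FROM users WHERE name = '" + name + "'")

def page_escaped(db, name):  # parameter pasted in after quote doubling
    return db.query("SELECT id FROM users WHERE name = '" + name.replace("'", "''") + "'")

def page_bound(db, name):    # parameter bound separately from the statement
    return db.query("SELECT id FROM users WHERE name = ?", (name,))

def detect(page):
    """Send one marked request; flag the page if a marked statement is malformed."""
    db = MonitoredDB()
    page(db, MARK)
    marked = [s for s in db.executed if MARK in s]
    return any(not literals_balanced(s) for s in marked)

if __name__ == "__main__":
    for page in (page_concat, page_escaped, page_bound):
        print(page.__name__, "vulnerable" if detect(page) else "no finding")
```

Each page is judged from a single request, and the verdict comes from the recorded statement rather than from the page's response.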

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method and device for detecting injection vulnerabilities.

Background

[0002] With the development of computer technology, applications installed in terminals can provide users with more and more offline services. As user needs diversify, applications also need to deploy some services on business servers, so that, by initiating a web page access request, the application requests a query of the business database deployed on the business server and then obtains the web page resource returned by the business server, allowing the user to enjoy the online service provided by the application through the web page resource.

[0003] A query performed against the business database can be a non-injection query without parameters, or an injection query with parameters. If the business server does not perform parameter verifica...


Application Information

IPC(8): H04L29/06, G06F21/57, G06F17/30
CPC: G06F21/577, H04L63/1433, H04L63/1466
Inventor: 牛保龙杨勇胡珀刘志颖李相垚易楠陈剑洪旭升苗军
Owner: TENCENT TECH (SHENZHEN) CO LTD