Unlock instant, AI-driven research and patent intelligence for your innovation.

A vulnerability detection method and device

A vulnerability detection and vulnerability technology, applied in transmission systems, electrical components, etc., can solve the problems of error-prone, low vulnerability detection efficiency, etc., and achieve the effect of improving efficiency and accuracy

Active Publication Date: 2021-06-15
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, when there is no echo in the web application, the existing penetration testing tools need to manually input and view data, and the detection efficiency of vulnerabilities is low and error-prone

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A vulnerability detection method and device
  • A vulnerability detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] The inventor found through research that there may be SQL injection vulnerabilities, command execution vulnerabilities, SSRF and other vulnerabilities in the Web site, and in the process of detecting the vulnerabilities, the Web application sometimes does not echo, resulting in low efficiency of vulnerability detection.

[0032] Currently, when there is no echo in the web application, you can use the penetration testing tool to detect vulnerabilities. Penetration testing is a mechanism provided to prove that the network defense is operating normally according to the expected plan. Generally speaking, the security of the computer network system can be evaluated by simulating the attack method of malicious hackers.

[0033] In addition, the domain name system is the mapping relationship between domain names and Internet Protocol (IP) addresses on the World Wide Web. Users can access the Internet through domain names, and obtain the IP addresses corresponding to domain name...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the present application discloses a vulnerability detection method and device. Firstly, the URL of the uniform resource locator to be detected and the attack load are obtained. The attack load can be used to generate domain name system parsing logs, and an access request is sent to the URL to be detected. In the access request Including the attack payload, determine whether there is a domain name system resolution log corresponding to the URL to be detected. If it exists, it means that the URL to be detected has a vulnerability and executed the command in the attack payload to generate a domain name system resolution log, that is, the URL to be detected is not detected If the attack payload is detected or the attack payload is not filtered out, then it can be considered that the URL to be detected has a vulnerability. Therefore, in the embodiment of the present application, the detection of the vulnerability of the URL to be detected can be automatically completed without manual loading and manual checking, which improves the efficiency and accuracy of vulnerability detection.

Description

technical field [0001] The invention relates to the technical field of computer Web service applications, in particular to a loophole detection method and device. Background technique [0002] Web sites are the basic components of the Internet. Today's Web sites all use dynamic interactive web page technology, and most of them use databases to store data on the sites. A database-driven Web site usually consists of three layers: presentation layer, logic layer, and storage layer. The presentation layer is used for page display, the logic layer implements specific business functions, and the storage layer implements data storage. The HTTP request is transmitted to the logic layer through the presentation layer, and the logic layer uses commands to request data from the storage layer database as needed, and forms an HTTP response to return to the presentation layer. [0003] Web sites may have vulnerabilities, such as Structured Query Language (Structured Query Language, SQL)...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1416H04L63/1433H04L61/4511
Inventor 陈栋
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD