Injection vulnerability detection method and device

An injection vulnerability detection technique, applied in the Internet field, that reduces the number of false positives and improves detection accuracy.

Active Publication Date: 2019-01-04
PING AN TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, many pages are themselves dynamic, and the content that some pages return changes from one request to the next, so judging whether an injection vulnerability exists by calculating the similarity value of two pages produces a large number of false positives.


Examples


Embodiment Construction

[0054] The following will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0055] It should be understood that the terms "first", "second", "third", and "fourth" in the description and claims of the present application and the drawings are used to distinguish different objects, rather than to describe a specific order. Furthermore, the terms "include" and "have", as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or uni...


Abstract

The embodiment of the invention discloses an injection vulnerability detection method and device. The method comprises the following steps: acquiring a first parameter set, wherein the first parameter set includes the page parameters that differ between a first page and a second page; sending N third requests and M fourth requests to a server, and receiving N third pages returned by the server for the N third requests and M fourth pages returned for the M fourth requests; then acquiring a second parameter set, wherein the second parameter set includes the page parameters that differ between each two pages among the N third pages and the first page, and the page parameters that differ between each two pages among the M fourth pages and the second page; and, when at least one page parameter in the first parameter set is not in the second parameter set, determining that an injection vulnerability exists in the server. The invention reduces the number of false alarms and increases the accuracy of injection vulnerability detection.
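The set comparison described in the abstract, as an added example that is not taken from the patent. It assumes that the third requests repeat the request behind the first page and the fourth requests repeat the request behind the second page, and that "page parameters" are a few structural features (`page_params` is a hypothetical choice); the pages are constructed samples, so nothing is sent to a server.

```python
import re
from itertools import combinations

def page_params(html):
    # Assumed "page parameters": simple structural features of the response.
    title = re.search(r"<title>(.*?)</title>", html, re.S)
    return {
        "title": title.group(1).strip() if title else "",
        "length": len(html),
        "rows": html.count("<tr"),
        "words": len(re.findall(r"\w+", html)),
    }

def differing(pages):
    # Parameters whose value differs between any two pages of the group.
    params = [page_params(p) for p in pages]
    return {k for a, b in combinations(params, 2) for k in a if a[k] != b[k]}

def detect(first, second, third_pages, fourth_pages):
    # First set: what differs between the first and second page.
    first_set = differing([first, second])
    # Second set: what differs anyway when the same request is repeated,
    # i.e. dynamic content that says nothing about the injected logic.
    second_set = differing([first, *third_pages]) | differing([second, *fourth_pages])
    stable = first_set - second_set
    return bool(stable), stable

def render(rows, banner):
    # Constructed sample page: a result table plus a rotating banner.
    body = "".join(f"<tr><td>item{i}</td></tr>" for i in range(rows))
    return f"<html><title>Items</title><p>{banner}</p><table>{body}</table></html>"

def demo_vulnerable():
    # The false-logic response loses its rows; banners vary on every request.
    return detect(render(3, "sale today"), render(0, "new"),
                  [render(3, "free shipping this week"), render(3, "new")],
                  [render(0, "sale today"), render(0, "free shipping this week")])

def demo_dynamic_only():
    # Both requests return the same rows; only the banner changes.
    return detect(render(3, "sale today"), render(3, "new"),
                  [render(3, "free shipping this week"), render(3, "new")],
                  [render(3, "sale today"), render(3, "free shipping this week")])

if __name__ == "__main__":
    print(demo_vulnerable())
    print(demo_dynamic_only())
```

In the second demo the first and second pages differ in length and word count, which a pure similarity threshold could flag, but both parameters also vary between repeated requests and are therefore discarded.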

Description

Technical field

[0001] The present application relates to the technical field of the Internet, in particular to a method and device for detecting injection vulnerabilities.

Background technique

[0002] Injection vulnerabilities are caused by code that does not check the legality of user input data. At present, similarity detection is a common method in injection vulnerability detection.

[0003] Existing similarity detection mainly uses similarity algorithms (such as the locality-sensitive hash algorithm simhash, the minimum hash algorithm minhash, etc.) to calculate the similarity value between the page content returned for a true-logic (SQL true logic) request and the page content returned for a false-logic (SQL false logic) request. When the similarity value is greater than the preset threshold, it is considered that the two pages are similar, and there is no injection vulnerability. When the similarity value is smaller than the preset threshold, it is considered that the two pages are not simi...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1433
Inventor: 熊庆昌
Owner: PING AN TECH (SHENZHEN) CO LTD