Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A SQL injection vulnerability detection method and device for rest API

A vulnerability detection and detection technology, which is applied in the computer field, can solve problems such as low opening efficiency, data tampering, and inability to know code implementation details, so as to achieve high reliability and improve detection accuracy

Active Publication Date: 2021-08-10
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The original SOAP-based Web API had the disadvantages of cumbersome calls and low opening efficiency. In recent years, the lightweight REST API has become popular rapidly, and it has gradually replaced SOAP API as the most important API type.
[0003] However, there are various security vulnerabilities in Web API, such as SQL injection vulnerability, which is a serious web security vulnerability. Malicious attackers can inject SQL commands into parameters, causing the server to execute these SQL commands
Generally speaking, SQL injection vulnerabilities will lead to database data leakage and data tampering. If the database allows the execution of operating system commands, it may cause the entire database server to be invaded. Therefore, for Web API, SQL injection vulnerabilities are security issues that must be prevented.
[0004] However, most of the current SQL injection vulnerability detection methods for Web APIs are for SOAP API detection. There is no SQL injection vulnerability detection method and corresponding tools for REST APIs, and the REST APIs in the real Internet environment are unknown. Its code implementation details, at the same time, the RESTful API has new features when calling, and adopts a new authentication and authorization protocol
As a result, none of the existing detection algorithms can effectively detect SQL injection vulnerabilities for REST APIs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A SQL injection vulnerability detection method and device for rest API
  • A SQL injection vulnerability detection method and device for rest API
  • A SQL injection vulnerability detection method and device for rest API

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0052] In order to facilitate the understanding of the technical solution provided by the present application, a brief description of the research background of the technical solution of the present application is given below.

[0053] As we all know, as described in the background technology, due to the shortcomings of cumbersome calls and low opening efficiency of SOAP-based Web API, in recent years, lightweight REST API has become popular rapidly, and it has gradually replaced SOA...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

This application discloses a SQL injection vulnerability detection method and device for a REST API. The method includes: first injecting a detection vector that is easy to trigger SQL syntax errors into the API list to be detected to form a first API attack request, and then using SQL error information to regularize Match the expression to detect whether there is an SQL syntax error in the first API attack response; if no SQL syntax error is detected, according to the API parameter type, inject the vector of two API response content comparison detections, and obtain the second API attack response, After the third API attack response and API normal response, compare the three to detect whether the relationship between the three meets the preset SQL injection vulnerability conditions, and obtain the detection result. It can be seen that this application achieves effective detection of SQL injection vulnerabilities in RESTful APIs by injecting detection vectors that are likely to trigger SQL syntax errors and API response content comparison detection vectors into the RESTful API to be detected, and then detecting the corresponding API responses. .

Description

technical field [0001] The present application relates to the field of computer technology, in particular to a SQL injection vulnerability detection method and device for a REST API. Background technique [0002] With the opening of APIs (Web services) by major Internet companies, the functions of Web applications have become more scalable; at the same time, a complex Web ecosystem in which multiple Web services are coordinated to complete transactions has gradually formed, such as e-commerce third-party payment services, etc. Web API has thus become a key link between Web applications. The original SOAP-based Web API had the disadvantages of cumbersome calls and low opening efficiency. In recent years, the lightweight REST API has become popular rapidly, and it has gradually replaced SOAP API as the most important API type. [0003] However, there are various security vulnerabilities in Web API, such as SQL injection vulnerability, which is a serious web security vulnerabi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1416H04L63/1433H04L63/1466H04L67/02
Inventor 刘浩
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com