Web attack protection method and system based on SQL injection

A rule and database technology, applied in the field of network security, can solve the problems of inaccurate results, low efficiency, large processing, etc., and achieve the effect of improving network security

Inactive Publication Date: 2021-07-30
GUIZHOU POWER GRID CO LTD
View PDF14 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] At present, there are some problems in the commonly used web attack behavior detection method based on SQL injection. In the actual attack behavior detection, the exhaustive method is often used to detect the SQL injection attack vulnerabilities existing in the web system. However, such The processing method needs to call all test cases when the web system is detected for the first time, which leads to problems such as low efficiency and large processing. In addition, there are also problems of simple design in the selection of existing test cases, which leads to inaccurate detection results. Accurate, even the problem of false negative rate

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web attack protection method and system based on SQL injection
  • Web attack protection method and system based on SQL injection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. It should be understood that the preferred embodiments are only for illustrating the present invention, but not for limiting the protection scope of the present invention.

[0035] Such as figure 1 As shown, the present invention proposes a kind of web attack protection method based on SQL injection, and this method specifically comprises:

[0036] Step S101: Obtain a first request for data access based on a web application.

[0037] SQL injection vulnerability is a vulnerability generated in the process of Internet data transmission based on website security. When the web application transmits SQL queries to the backward database, if the attacker can modify the syntax or meaning of the SQL statement, SQL injection may occur. Attackers can conduct SQL attacks through web form data, malicious IP address attacks, parameter modification of ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a web attack protection method based on SQL injection. The method comprises the following steps: acquiring a first data access request based on a web application program; analyzing a structured query language (SQL) injection feature in the access request, and sending the SQL injection feature to a first virtual machine based on a web application program to detect whether a SQL-based web attack behavior exists or not; if a first matching rule is met, sending the access request to a virtual database to obtain data content matched with the data access request; if a second matching rule is met, sending the access request directly to a web server to obtain data content matched with the data access request; and if the data content is not matched with the data access request, returning error information directly. Through the first detection at the web application program end and the second detection of content return, vulnerabilities existing in SQL injection are effectively protected, and the network security in the Internet data interaction process is effectively improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a SQL injection-based web attack protection method and system. Background technique [0002] Structured Query Language (SQL, Structured Query Language) injection attacks, that is, SQL injection attacks, may occur in any web application. Usually, web applications need to exchange data with web application servers. For web applications, obtain corresponding The code or the specific database used cannot be obtained directly, but some tests are required to confirm. The test methods adopted include actively sending exception requests to obtain the exception information returned by the web application. The exception information may contain According to the information, the web application is targeted to construct SQL statements containing attack behaviors to attack the web application. SQL injection means that the attacker sniffs out the loopholes in the web system during the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55G06F21/57G06F16/955G06F16/242
CPCG06F21/552G06F21/577G06F16/955G06F16/2433
Inventor 魏力鹏王玮吕嵘晶龙玉江张克贤苏杨李洵王皓然严彬元刘俊荣陶佳冶周泽元方继宇班秋成周琳妍
Owner GUIZHOU POWER GRID CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap