SQL (Structured Query Language) injection type vulnerability detection method and system oriented to Java Web application

The invention discloses an SQL (Structured Query Language) injection type vulnerability detection method and system for Java Web application, and relates to the field of computer network security. According to the method, the expert knowledge base is used for performing taint marking on the Source p...

Detailed description

Bibliographic details
Main authors: FENG YUN, TAN YAOKANG, TAN RU, CHEN QINGWANG, CAO YAQIN, ZHU HONGWEN, XIAO JUXIN, LIU QIXU
Format: Patent
Language: chi ; eng
Online access: Order full text
creator FENG YUN
TAN YAOKANG
TAN RU
CHEN QINGWANG
CAO YAQIN
ZHU HONGWEN
XIAO JUXIN
LIU QIXU
description The invention discloses an SQL (Structured Query Language) injection vulnerability detection method and system for Java Web applications, and relates to the field of computer network security. The method uses an expert knowledge base to taint-mark Source points and Sink points, and applies program slicing to prune and optimize the function call graph. This widens the range of Java Web SQL injection vulnerability types that can be detected while improving the efficiency of static analysis based on the code property graph. The method adapts to current trends in Java Web SQL injection vulnerabilities, improves the efficiency of detecting them, and can improve the security and reliability of current Java Web application systems.
format Patent
creationdate 2024
date 2024-08-09
oa free_for_read
linktohtml https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20240809&DB=EPODOC&CC=CN&NR=118468288A
language chi ; eng
recordid cdi_epo_espacenet_CN118468288A
source esp@cenet
subjects CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title SQL (Structured Query Language) injection type vulnerability detection method and system oriented to Java Web application
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-22T23%3A23%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=FENG%20YUN&rft.date=2024-08-09&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN118468288A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true