Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

SQL injection vulnerability detection method and device for REST API

A vulnerability detection and detection technology, applied in the computer field, can solve the problems of data tampering, low opening efficiency, user input parameter validity verification and filtering, etc., and achieve the effect of improving detection accuracy and high reliability

Active Publication Date: 2019-01-18
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
View PDF8 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The original SOAP-based Web API had the disadvantages of cumbersome calls and low opening efficiency. In recent years, the lightweight REST API has become popular rapidly, and it has gradually replaced SOAP API as the most important API type.
[0003] However, there are various security vulnerabilities in Web API, such as SQL injection vulnerability, which is a serious web security vulnerability. Malicious attackers can inject SQL commands into parameters, causing the server to execute these SQL commands
Generally speaking, SQL injection vulnerabilities will lead to database data leakage and data tampering. If the database allows the execution of operating system commands, it may cause the entire database server to be invaded. Therefore, for Web API, SQL injection vulnerabilities are security issues that must be prevented.
[0004] However, most of the current SQL injection vulnerability detection methods for Web APIs are for SOAP API detection. There is no SQL injection vulnerability detection method and corresponding tools for REST APIs, and the REST APIs in the real Internet environment are unknown. Its code implementation details, at the same time, the RESTful API has new features when calling, and adopts a new authentication and authorization protocol
As a result, none of the existing detection algorithms can effectively detect SQL injection vulnerabilities for REST APIs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection vulnerability detection method and device for REST API
  • SQL injection vulnerability detection method and device for REST API
  • SQL injection vulnerability detection method and device for REST API

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0052] In order to facilitate the understanding of the technical solution provided by the present application, a brief description of the research background of the technical solution of the present application is given below.

[0053] As we all know, as described in the background technology, due to the shortcomings of cumbersome calls and low opening efficiency of SOAP-based Web API, in recent years, lightweight REST API has become popular rapidly, and it has gradually replaced SOA...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an SQL injection vulnerability detection method and device for a REST API, and the method comprises the steps: injecting a detection vector that is easy to trigger a SQL syntaxerror into a to-be-detected API list to form a first API attack request, and then using a SQL error information regular matching expression to detect whether a first API attack response has a SQL syntax error or not; injecting two API response content comparison detection vectors according to the type of an API parameter if no SQL syntax error is detected, obtaining a second API attack response,a third API attack response and an API normal response to perform the comparison therebetween, detecting whether the relationship between the second API attack response, the third API attack responseand the API normal response meets a default SQL injection vulnerability condition and obtaining a detection result. Therefore, the detection vector that is easy to trigger the SQL syntax error and a vector for the API response content comparison detection are injected into the to-be-detected RESTful API, thereby detecting the mode of the corresponding API response, and achieving the effective detection of the SQL injection vulnerability of the RESTful API.

Description

technical field [0001] The present application relates to the field of computer technology, in particular to a SQL injection vulnerability detection method and device for a REST API. Background technique [0002] With the opening of APIs (Web services) by major Internet companies, the functions of Web applications have become more scalable; at the same time, a complex Web ecosystem in which multiple Web services are coordinated to complete transactions has gradually formed, such as e-commerce third-party payment services, etc. Web API has thus become a key link between Web applications. The original SOAP-based Web API had the disadvantages of cumbersome calls and low opening efficiency. In recent years, the lightweight REST API has become popular rapidly, and it has gradually replaced SOAP API as the most important API type. [0003] However, there are various security vulnerabilities in Web API, such as SQL injection vulnerability, which is a serious web security vulnerabi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1416H04L63/1433H04L63/1466H04L67/02
Inventor 刘浩
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products