Abstract: To diagnose vulnerabilities such as SQL injection, even for web-server devices that change the content of responses to requests in accordance with prescribed conditions. A normal-response collection means (10) transmits a normal request (REQN), accompanied by a registered user ID and password, a plurality of times. Said normal-response collection means (10) receives a plurality of responses (RESN) (hereafter “normal responses”) from a web server in response to the normal requests. A common-region extraction means (12) extracts a common region from the plurality of normal responses. An abnormal-response collection means (18) performs SQL injection on the web server, receives the response (RESA) (hereafter “abnormal response”), and records same in a storage unit (16). A determination means (14) determines that the web server has a vulnerability if the normal responses and the abnormal response are the same in the common region.
Type:
Grant
Filed:
November 10, 2011
Date of Patent:
December 23, 2014
Assignee:
Kyocera Communication Systems, Co., Ltd.
Abstract: To diagnose vulnerabilities such as SQL injection, even for web-server devices that change the content of responses to requests in accordance with prescribed conditions. A normal-response collection means (10) transmits a normal request (REQN), accompanied by a registered user ID and password, a plurality of times. Said normal-response collection means (10) receives a plurality of responses (RESN) (hereafter “normal responses”) from a web server in response to the normal requests. A common-region extraction means (12) extracts a common region from the plurality of normal responses. An abnormal-response collection means (18) performs SQL injection on the web server, receives the response (RESA) (hereafter “abnormal response”), and records same in a storage unit (16). A determination means (14) determines that the web server has a vulnerability if the normal responses and the abnormal response are the same in the common region.
Type:
Application
Filed:
November 10, 2011
Publication date:
August 29, 2013
Applicant:
KYOCERA COMMUNICATION SYSTEMS, Co. Ltd.