计算机技术与发展Issue(3):121-124,128,5.DOI:10.3969/j.issn.1673-629X.2013.03.031
Web2.0环境下SQL注入漏洞注入点提取方法
Injection Point Extraction Approach in SQL Injection Vulnerability under Web2. 0 Environment
摘要
Abstract
To solve the SQL injection vulnerability detection in website under Web2. 0 environment,proposed an injection point extraction approach. According to the characteristics of Web2. 0 websites,by analyzing HTML markup,parsing and executing web client script,this approach got comprehensive data entry points of the website. Depending on the type of data entry points and arguments,built test case and established the rule to determine injection points,thereby enhancing the SQL injection vulnerability detection. Experimental results showed that,after adding script analysis and data entry point extraction,the approach of SQL injection vulnerability detection under Web2. 0 envi-ronment increased test coverage and reduced the rate of missing. This approach that used to detect SQL injection vulnerability in website which used traditional and Web2. 0 technologies,had some applicability,could gain a more comprehensive test results.关键词
Web2.0/SQL注入漏洞/漏洞检测/脚本解析/注入点提取Key words
Web2. 0/SQL injection vulnerability/vulnerability detection/script analysis/injection point extraction分类
信息技术与安全科学引用本文复制引用
马凯,蔡皖东,姚烨..Web2.0环境下SQL注入漏洞注入点提取方法[J].计算机技术与发展,2013,(3):121-124,128,5.基金项目
西北工业大学基础研究基金(JC201149) (JC201149)
西北工业大学研究生创业种子基金项目(Z2012141) (Z2012141)
