Journal on Communications, 2017, Vol. 38, Issue (z1): 73-82, 10. DOI: 10.11959/j.issn.1000-436x.2017238
Penetration test method using blind SQL injection based on second-order fragment and reassembly
Abstract
A major challenge is how to remove the blindness of current SQL injection penetration testing, produce optimized SQL injection attack patterns, enhance effectiveness in the attack generation phase, and improve the accuracy of SQL injection vulnerability detection by penetration testing. To resolve these problems, a new penetration test method using blind SQL injection based on second-order fragment and reassembly was proposed. In this method, the SQL injection attack model was built first, and then multiform and multi-type attack patterns for SQL injection penetration testing were produced, driven by that model, which can reduce the blindness of SQL injection penetration testing and improve the accuracy of SQL injection vulnerability detection. SQL injection vulnerability detection experiments were conducted on actual Web applications using the proposed method in comparison with current methods. The analysis of the test results shows that the proposed method is better than the other methods, which not only proves the effectiveness of the proposed method but also improves the accuracy of SQL injection vulnerability detection by reducing false negatives in the defensive environment.
Keywords
SQL injection/penetration test/attack model/second-order fragment and reassembly
Classification
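Information Technology and Security Science
Cite this article
乐德广, 龚声蓉, 吴少刚, 徐锋, 刘文生. Penetration test method using blind SQL injection based on second-order fragment and reassembly [J]. Journal on Communications, 2017, 38(z1): 73-82, 10.
Funding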
The National Natural Science Foundation of China (No.61402057)
The Production and Research Prospective Joint Research Project of Jiangsu Province (No.BY2016050-01)
The Jiangsu Provincial Natural Science Foundation (No.BK20160411)