Research on SQL Injection Vulnerability Attack Model
First published: 2016-11-30
Abstract: As web applications play an increasingly important role in people's daily lives, security issues are receiving more and more attention. SQL injection is the most common type of vulnerability; because an attacker can use SQL injection to obtain users' private information and take control of the server, it has long been one of the most harmful web application vulnerabilities. The most timely and effective method of detecting SQL injection vulnerabilities is penetration testing. This paper focuses on the problem of test case generation in penetration testing. It first studies the patterns of SQL injection attacks and, according to the different channels through which data flows out in an SQL injection, establishes an attack model for SQL injection. On the basis of this attack model, it gives a formal description of SQL injection test cases to guide their generation. Experimental results show that SQL injection test cases generated in this way are more comprehensive and effectively reduce false negatives in SQL injection detection.
Keywords: SQL injection; vulnerability detection; attack model
No.4710832117220714****