Research on SQL Injection Vulnerability Attack model

• 1、School of CyberSpace Security,Beijing University of Posts and Telecommunications,Beijing 100876

Abstract：With web applications play an increasingly important role in people's daily life, security issues more and more people's attention. SQL injection is the most common type of vulnerability because an attacker can inject SQL obtain user privacy information, the control server, SQL injection has been one of the most harmful web application vulnerabilities. Detecting SQL injection vulnerabilities most timeliness and effectiveness of the method is to perform penetration testing. This paper focuses on the penetration test cases generated by the issue, first law of SQL injection attacks were studied, according to the data in different SQL injection outflow channel, the establishment of SQL injection attack model. On the basis of the established model of SQL attacks, SQL injection given formal description of test cases, in order to guide the SQL injection test case generation. The results show that in this way the generated SQL injection use case more fully, effectively reducing the SQL injection detection of false negatives

Keywords： SQL injection；vulnerability detection attack model