Abstract
Most modern SQL injection detection is based on a syntax-parsing strategy, but this strategy has low detection efficiency and its vulnerability scanning is incomplete. To address this, a Web-based SQL injection vulnerability scanning system is designed and implemented. Detection and defense techniques for SQL injection vulnerabilities are studied, and SQL injection experiments are carried out in a locally built experimental environment, using the Pubs database as a case study together with a variety of penetration methods. Based on the characteristics of SQL injection attacks, four specific defense measures are proposed. Experiments show that a Web application system using these defense measures can prevent most SQL injection attacks, and that SQL injection points in the Web application system are identified well.
Author
叶梦雄
YE Meng-xiong(Xi'an Aeronautical Polytechnic Institute,Xi'an 710089,China)
Source
《电子设计工程》
2019, Issue 16, pp. 20-23, 28 (5 pages in total)
Electronic Design Engineering