[1] MA Kai, CAI Wan-dong, YAO Ye. Injection Point Extraction Approach in SQL Injection Vulnerability under Web2.0 Environment[J]. Computer Technology and Development, 2013, (03): 121-124.

Injection Point Extraction Approach in SQL Injection Vulnerability under Web2.0 Environment

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Issue: 2013, No. 03
Pages: 121-124
Column: Security and Prevention
Publication date: 1900-01-01

Article Info

Title: Injection Point Extraction Approach in SQL Injection Vulnerability under Web2.0 Environment
Article ID: 1673-629X(2013)03-0121-04
Author(s): MA Kai, CAI Wan-dong, YAO Ye
Affiliation: School of Computer Science, Northwestern Polytechnical University
Keywords: Web2.0; SQL injection vulnerability; vulnerability detection; script analysis; injection point extraction
Document code: A
Abstract:
To address SQL injection vulnerability detection for websites in the Web2.0 environment, this paper proposes an injection point extraction approach. Based on the technical characteristics of Web2.0 websites, the approach analyzes the HTML markup of web pages and parses and executes their client-side scripts to extract the site's data entry points comprehensively. Test cases are built and injection point determination rules are established according to the type and parameter composition of each data entry point, which improves SQL injection vulnerability detection. Experimental results show that adding script parsing and data entry point extraction increases the test coverage of SQL injection vulnerability detection in the Web2.0 environment and reduces the miss rate. The approach is applicable to SQL injection vulnerability detection on websites built with either traditional or Web2.0 technologies, and yields relatively comprehensive test results.

Last Update: 1900-01-01