SQL injection is a common means of attacking Web programs.Traditional detection tools for SQL injection vulnerability are difficult to meet the growing amount of program code in terms of positioning efficiency and detection range.In response to this situation,we proposed a method to locate the SQL injection vulnerabilities existed in programs,which combines the techniques of penetration testing and program analysis,after analysing the characteristics of SQL injection vulnerabilities.In the method,the penetration testing identifies the possible SQL injection points by simulating the attacks,and the program analysis parses the source codes.This method achieves the localisation of SQL injection points by marking and tracking the polluted variables.Experimental results showed that the proposed method had better performance in positioning time and vulnerability detection effect.%SQL 注入是攻击 Web 程序的常见手段。传统的 SQL 注入漏洞检测工具在定位效率、检测广度很难满足目前日益增长的程序代码量。针对这种情况,分析 SQL 注入漏洞的特征,提出一种渗透测试与程序分析技术相结合的方法来定位程序中存在的 SQL注入漏洞。其中渗透测试部分通过模拟攻击找出可能的 SQL 注入点,程序分析部分对源程序代码进行分析,通过对污染变量的标记跟踪来实现 SQL 注入点的定位。实验结果表明,所提出的方法在定位时间、漏洞检测效果有较好表现。
展开▼
