SQL防注入检测分析

Research of Anti-SQL Injection

SQL防注入检测软件的开发初衷是为了帮助网站管理员检测本部门网站是否存在SQL注入漏洞,通过完整展示注入过程,使管理员达到了解和掌握本部门网站的薄弱环节,从而更新和改进,做到积极防御网络入侵的目的。该软件具有检测、分析速度快,应用平台广泛、内存占用小、运行速度快等特点,软件使用目前大众化的、易掌握的Visual Basic语言编写,使用时直接打开,无需安装。文章就实际操作软件的网站浏览检测、注入点分析和网站后台地址扫描三部分作了详细介绍。

The original purpose of Anti-SQL Injection program is to help the website administrators detect whether there are any SQL Injection vulnerabilities existing in their own departments＇ websites. The program shows the whole process of injecting, making the administrators aware and master the weak links of their own department websites, in order to update and improve the websites, so that they could prevent the web invasion positively. This program has lots of characteristics such as scanning, analyzing and running fast, taking small size of ROM, and can be installed in different operating systems, The program is developed by Visual Basic which is a currently popular and easily learned developing language. This article focuses on introducing the three parts of the program, website scanning, the analysis of injection link, and backstage management address scanning.