摘要
由于Web应用系统的开发周期较短,同时开发人员安全编程意识不足,Web应用程序会存在漏洞。因此,检测Web应用系统的安全性是安全领域的亟待解决的问题。SQL注入漏洞检测工具模拟黑客攻击的方式,采用网络爬虫技术建立需检测的URL库,依据SQL注入模板精心构造URL,并从根据浏览器返回信息,判定是否存在SQL注入点。可以提前意识到Web应用存在的漏洞,并及时修补,降低系统受攻击的风险,是有效的Web安全防护手段。
Web application development cycle is very short, and programmers lack the awareness of security programming, loopholes in Web applications are inevitable. So how to detect and assess security of Web applications is a serious problem of Web security. SQL Injection Detection System simulates the way that hacker at acks to send specific vulnerability characteristics. This tool can create URL library using the web crawler technology, and construct URL careful y based on SQL injection template. According to the response of browser, determine the existence of SQL injection. Users can aware of Web application vulnerabilities early, and repair them timely. As a result the risk of at ack system is reduced and it is the ef ective method to protect Web security.
基金
河南省科技计划项目(142300410108)
河南省教育厅科学技术研究重点项目基础研究(14A520056)
南阳师范学院校级项目(QN2013047)
关键词
SQL注入
漏洞检测
WEB安全
sql injection
vulnerability scanning
web application security
