摘要
为更好地防止SQL注入的危害,优化漏洞检测方法,提出一种基于DOM树序列值比对的SQL注入检测算法。对待检测的页面进行SQL注入,选取注入前后页面的DOM树中体现结构的关键参数;通过计算得到序列值,用比对序列值的方法比对页面是否相同,将节点比对转化成数值比对,简化网页比对。实验分析结果表明,该算法有效地提高了漏洞检测的准确率与效率。
SQL injection is one of the leading Web application security vulnerabilities,to find a better way to solve the problem and optimize the method of detecting,a SQL inj ection vulnerability detection based on sequence value comparison of Webpage DOM tree was presented.Firstly,the key parameters were selected which reflected the structure of DOM tree of Webpages before and after attack.Then,sequence value of DOM tree was calculated by using the key parameters and comparing the pages through the comparison of sequence value,Webpage comparison was simplified by converting the node comparison into numerical comparison.Finally,the experimental result shows that this method improves the SQL injection vulnerability detection accuracy and efficiency.
出处
《计算机工程与设计》
北大核心
2015年第2期350-354,共5页
Computer Engineering and Design
基金
广东省自然科学基金重点项目(S2012020011071)
广东省教育部产学研合作基金项目(2012B091000037
2012B091000041)
广州市科技计划基金项目(2013J4300058)
关键词
SQL注入
漏洞检测
DOM树
序列值
网页对比
SQL inj ection
vulnerability detection
DOM tree
sequence value
Webpage comparison
