摘要
随着互联网的发展,人们面临的网络安全威胁在不断增加。在Web应用存在的各种漏洞中,SQL注入漏洞因其影响巨大,是安全测试领域研究的重要课题之一。按照系统文献综述的方法,调研40篇文献,研究现有的SQL注入漏洞检测技术,从SQL注入漏洞的形成原因,SQL注入主要攻击方式,以及安全测试的角度,综述近10年来SQL注入漏洞检测方面的主要技术和方法,归纳这一领域的未来研究方向,研究结果可供相关研究人员和测试人员参考。
With the development of the Internet,people are facing increasing threats to network security.Among the vulnerabilities that exist in Web applications,SQL injection has great harm and is one of the most important subject in security test research.It follows the method of system atic literature review,investigates 40 literatures,and studies the existing SQL injection vulnerability detection technology.From the causes of SQL injection vulnerability,the primary methods of SQL injection attack,as well as the security testing perspective,it provides a review of the main techniques of SQL injection vulnerability detection in recent 10 years,and sums up the future research directions of this field.
作者
黄小丹
HUANG Xiao-dan(College of Computer Science,Sichuan University,Chengdu 610065)
出处
《现代计算机》
2020年第10期51-58,共8页
Modern Computer
关键词
WEB应用
安全测试
SQL注入漏洞
漏洞检测
系统文献综述
Web Applications
Safety Testing
SQL Injection Vulnerability
Vulnerability Detection
Systematic Literature Review
