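Affiliation: [1] School of Computer Science, Northwestern Polytechnical University, Xi'an, Shaanxi 710072
Source: Computer Technology and Development (《计算机技术与发展》), 2013, No. 3, pp. 121-124, 128 (5 pages)
Funding: Northwestern Polytechnical University Basic Research Fund (JC201149); Northwestern Polytechnical University Graduate Entrepreneurship Seed Fund Project (Z2012141)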
Abstract: To address SQL injection vulnerability detection for websites in the Web 2.0 environment, an injection point extraction method is proposed. Based on the technical characteristics of Web 2.0 websites, the method analyzes the HTML markup of web pages and parses and executes their client-side scripts to extract the site's data entry points comprehensively. Test cases are then built according to the type and parameter composition of each data entry point, and rules are established for deciding whether an entry point is an injection point, which improves SQL injection vulnerability detection. Experimental results show that adding script parsing and data entry point extraction increases the test coverage of SQL injection vulnerability detection in the Web 2.0 environment and reduces the rate of missed detections. The method is applicable to SQL injection vulnerability detection on websites built with either traditional or Web 2.0 technologies and yields relatively comprehensive test results.