Author: YE Meng-xiong [1] (Xi'an Aeronautical Polytechnic Institute, Xi'an 710089, China)
Affiliation: [1] Xi'an Aeronautical Polytechnic Institute
Source: Electronic Design Engineering, 2019, No. 16, pp. 20-23, 28 (5 pages)
Abstract: Most modern SQL injection detection is based on a syntax-analysis (parsing) strategy, but this strategy is inefficient and its vulnerability scanning is incomplete. To address this, the paper designs a Web-based SQL injection vulnerability scanning system. It studies techniques for detecting and defending against SQL injection vulnerabilities and, in a locally built experimental environment, carries out SQL injection experiments using the Pubs database as a case together with a variety of penetration methods. Based on the characteristics of SQL injection attacks, four specific defensive measures are proposed. Experiments show that a Web application system using these measures can defend against most SQL injection attacks and identifies the SQL injection points in Web application systems well.
Classification number: TN99 [Electronics and Telecommunications - Signal and Information Processing]