Authors: 边莉, 薛念明, 张明岩, 谢吉伦, 林秀 (BIAN Li; XUE Nianming; ZHANG Mingyan; XIE Jilun; LIN Xiu), Shandong Luneng Software Technology Co., Ltd., Jinan 250014, China
Affiliation: [1] Shandong Luneng Software Technology Co., Ltd., Jinan 250014, Shandong
Source: 《山东电力技术》 (Shandong Electric Power), 2021, No. 7, pp. 13-18, 6 pages
Funding: Science and technology project of Shandong Luneng Software Technology Co., Ltd., "Research and Development of Key Technologies for an Integrated Development and Testing Platform" (XM2020080).
Abstract: Structured Query Language (SQL) injection is one of the most common and most destructive vulnerabilities. Because detection of this vulnerability relies on a single method and has a high probability of missed detections and false positives, a precise batch detection scheme for SQL injection vulnerabilities is proposed that can quickly and effectively identify SQL injection vulnerabilities in the system under test. The scheme collects test data quickly and comprehensively through a proxy tool, which effectively compensates for the instability of crawler tools in data collection. It integrates SQLMAP and uses multithreaded concurrency to run batch vulnerability-detection tasks against the collected test data, making full use of system resources. Finally, the test results are analyzed to locate injection points quickly and accurately. The proposed scheme is found to have the advantages of low implementation cost, high running efficiency and precise detection results.
Keywords: SQL injection; batch detection; proxy tool; multithreaded concurrency; running efficiency
Classification: TP311 [Automation and Computer Technology - Computer Software and Theory]