检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:程亚维[1] 王东霞[1] CHENG Yawei;WANG Dongxia(Jiyuan Vocational and Technical College,Jiyuan Henan 459000,China)
出 处:《信息与电脑》2023年第4期236-238,共3页Information & Computer
摘 要:为提高网页结构化查询语言(Structured Query Language,SQL)注入漏洞检测精度和检测效率,引入网络爬出技术,开展对其检测方法的设计研究。引入了一种SQL注入漏洞扫描程序,可抓取网页,并计算页面相似度;检测时模拟SQL注入漏洞攻击,对网页SQL注入漏洞扩展过程建模;利用网络爬虫技术,检测SQL可注入点,并深度挖掘漏洞。通过对比实验证明,设计的检测方法正确检测数量较多,检测耗时较短,具备极高的应用价值。In order to improve the detection accuracy and efficiency of Web Structured Query Language(SQL)injection vulnerability,the network crawling technology was introduced to carry out the design and research of its detection method.A SQL injection vulnerability scanner was introduced to crawl web pages and calculate page similarity.When detecting,the SQL injection vulnerability attack is simulated,and the expansion process of Web SQL injection vulnerability is modeled.The web crawler technology is used to detect SQL injection points and realize the depth mining of vulnerabilities.The comparative experiments show that the new detection method has more correct detection numbers and shorter detection time,and it has high application value.
关 键 词:网络爬虫技术 结构化查询语言(SQL) 漏洞检测 注入漏洞 页面相似度
分 类 号:TP309.1[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.21.125.27