
Research on Detection Methods for Second-Order SQL Injection Vulnerabilities in Web Applications

Published: 2018-12-21 18:15
[Abstract]: With the rapid development of Internet technology, web applications have come into wide use across many business domains, and large numbers of web applications that store data have been developed to provide all kinds of services. Security vulnerabilities, however, pose a serious threat to these rapidly developing web applications. SQL injection is one of the most typical and damaging web application vulnerabilities. Many effective methods and tools have been proposed to detect and prevent first-order SQL injection, but for second-order SQL injection, in which user input is first stored in the back-end database, accurate and effective detection methods are lacking.

Through an in-depth analysis of the principle and process of second-order SQL injection, this thesis abstracts how a second-order SQL injection is formed and, on that basis, proposes a method that combines static and dynamic techniques to detect second-order SQL injection vulnerabilities. In the static analysis part, the method first analyzes the source code, extracts the SQL statements and column names it contains, and creates a data item for each column name from the information in the code. It then applies identification criteria to find the ordered groups of data items in the source code that may contain a second-order SQL injection vulnerability. In the dynamic testing part, these candidate ordered groups are confirmed: each group is first converted into a valid test sequence, malicious inputs for testing are generated, and finally the malicious inputs and the test sequences are combined and run, with the system's response determining whether a vulnerability exists. Finally, four web applications are used to evaluate the effectiveness and feasibility of the method, and the experimental results show that it detects existing second-order SQL injection vulnerabilities accurately and effectively.

The advantages of the method are as follows. Its detection accuracy is high and it detects second-order SQL injection vulnerabilities effectively, which makes up for the shortcomings of other methods in this area. It combines static analysis with dynamic testing: static analysis makes full use of the program's internal information, narrows the scope of further testing and effectively reduces false negatives, while dynamic testing creates actual attack instances and so compensates for the high false-positive rate of static analysis.
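The store-then-trigger sequence that the dynamic testing part confirms from the system response can be sketched as follows. This is an added example, not code from the thesis; the `users` table, the function names and the single-quote probe are assumptions made for illustration.

```python
import sqlite3

PROBE = "o'brien"  # constructed probe: one quote breaks an unsafely built statement

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT,"
               " visits INTEGER DEFAULT 0)")
    return db

def register(db, name):
    # Store step: parameterized, so the input cannot alter this statement.
    return db.execute("INSERT INTO users (name) VALUES (?)", (name,)).lastrowid

def stored_name(db, user_id):
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def record_visit_unsafe(db, user_id):
    # Trigger step (hypothetical vulnerable code): the value read back from the
    # database is trusted and concatenated into a new statement.
    name = stored_name(db, user_id)
    db.execute("UPDATE users SET visits = visits + 1 WHERE name = '" + name + "'")

def record_visit_safe(db, user_id):
    # Hardened trigger step: stored data is bound as a parameter as well.
    name = stored_name(db, user_id)
    db.execute("UPDATE users SET visits = visits + 1 WHERE name = ?", (name,))

def run_sequence(trigger, value=PROBE):
    """Run store -> trigger on a fresh database and classify the response."""
    db = make_db()
    user_id = register(db, value)
    try:
        trigger(db, user_id)
    except sqlite3.OperationalError:
        return "vulnerable"  # stored data changed the structure of the SQL
    visits = db.execute("SELECT visits FROM users WHERE id = ?",
                        (user_id,)).fetchone()[0]
    return "ok" if visits == 1 else "unexpected"

if __name__ == "__main__":
    for trigger in (record_visit_unsafe, record_visit_safe):
        print(trigger.__name__, "alice ->", run_sequence(trigger, "alice"),
              "| probe ->", run_sequence(trigger))
```

An ordinary value such as `alice` passes both triggers, which is why the defect only shows up when the store and trigger steps are tested together as a sequence.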
[Degree-granting institution]: Tianjin University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08

