Research on Detection Methods for Second-Order SQL Injection Vulnerabilities in Web Applications
Published: 2018-12-21 18:15
[Abstract]: With the rapid development of Internet technology, web applications are widely used across business domains, and many web applications that store data have been developed to provide services. Security vulnerabilities, however, pose a serious threat to these fast-growing applications. SQL injection is one of the most typical and damaging web application vulnerabilities. Many effective methods and tools have been proposed to detect and prevent first-order SQL injection, but accurate and effective detection methods are lacking for second-order SQL injection, in which user input is stored in the back-end database.
Through an in-depth analysis of the principle and process of second-order SQL injection, this thesis abstracts how a second-order SQL injection forms and, on that basis, proposes a detection method that combines static and dynamic techniques. In the static analysis phase, the method analyzes the source code, extracts the SQL statements and column names, and creates a data item for each column name from the information in the code; it then applies identification criteria to find the ordered groups of data items in the source code that may contain a second-order SQL injection vulnerability. In the dynamic testing phase, these candidate groups are confirmed: each group is converted into a valid test sequence, malicious test inputs are generated, and the inputs and test sequences are combined and run, with the system's responses determining whether the vulnerability exists. Finally, the effectiveness and feasibility of the method are evaluated on four web applications, and the experimental results show that it accurately and effectively detects the second-order SQL injection vulnerabilities present.
The advantages of the method are as follows. Its detection accuracy is high and it detects second-order SQL injection vulnerabilities effectively, making up for the shortcomings of other methods in this area. It combines static analysis with dynamic testing: static analysis makes full use of the program's internal information, narrows the scope of further testing and effectively reduces false negatives, while dynamic testing creates actual attack instances, compensating for the high false-positive rate of static analysis.
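The static-analysis phase described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the PHP-like sample source is constructed, and the regex-based rule (a column written by one statement and later concatenated into another SQL string) is an assumed simplification of the thesis's identification criteria, which this page does not give.

```python
import re

# Constructed sample application source (PHP-like), keyed by file name.
SAMPLE_SOURCE = {
    "register.php": [
        '$stmt = $db->prepare("INSERT INTO users (name, email) VALUES (?, ?)");',
        '$stmt->execute([$_POST["name"], $_POST["email"]]);',
    ],
    "orders.php": [
        '$row = $db->query("SELECT name FROM users WHERE id = " . intval($id))->fetch();',
        '$db->query("SELECT * FROM orders WHERE owner = \'" . $row["name"] . "\'");',
    ],
    "settings.php": [
        '$stmt = $db->prepare("UPDATE users SET email = ? WHERE id = ?");',
        '$row = $db->query("SELECT email FROM users WHERE id = " . intval($id))->fetch();',
        '$stmt = $db->prepare("SELECT * FROM audit WHERE email = ?");',
    ],
}

INSERT_RE = re.compile(r"INSERT\s+INTO\s+\w+\s*\(([^)]*)\)", re.I)
UPDATE_RE = re.compile(r"UPDATE\s+\w+\s+SET\s+(.+?)\s+WHERE\b", re.I)
SQL_RE = re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b", re.I)
# A fetched column spliced into a SQL string literal: ..." . $row["col"]
CONCAT_RE = re.compile(r'"\s*\.\s*\$\w+\["(\w+)"\]')

def stored_columns(source):
    # Store points: columns written by INSERT/UPDATE, as {column: [file:line]}.
    stores = {}
    for fname, lines in source.items():
        for no, line in enumerate(lines, 1):
            cols = []
            for m in INSERT_RE.finditer(line):
                cols += [c.strip() for c in m.group(1).split(",")]
            for m in UPDATE_RE.finditer(line):
                cols += [a.split("=")[0].strip() for a in m.group(1).split(",")]
            for col in cols:
                stores.setdefault(col, []).append(f"{fname}:{no}")
    return stores

def candidate_pairs(source):
    # Use points: SQL built by concatenating a column that is stored elsewhere.
    stores = stored_columns(source)
    pairs = []
    for fname, lines in source.items():
        for no, line in enumerate(lines, 1):
            if SQL_RE.search(line):
                for col in CONCAT_RE.findall(line):
                    pairs += [(col, s, f"{fname}:{no}") for s in stores.get(col, [])]
    return pairs
```

The parameterized use of `email` in `settings.php` produces no candidate, which is how a static pass narrows what the dynamic phase then has to confirm.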
[Degree-granting institution]: Tianjin University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2389275
Article link: http://sikaile.net/guanlilunwen/ydhl/2389275.html