
Research on Detection Methods for Second-Order SQL Injection Vulnerabilities in Web Applications

Published: 2018-12-21 18:15
[Abstract]: With the rapid development of Internet technology, web applications have been adopted across business domains, and large numbers of web applications that store data have been built to provide services; security vulnerabilities pose a serious threat to these rapidly growing applications. SQL injection is one of the most typical and damaging web application vulnerabilities. Many effective methods and tools have been proposed to detect and block first-order SQL injection, but for second-order SQL injection, in which user input is first stored in the back-end database and later used to build a query, accurate and effective detection methods are lacking.

Through an in-depth analysis of the principle and process of second-order SQL injection, this thesis abstracts the process by which such an injection forms and, on that basis, proposes a method that combines static and dynamic techniques to detect second-order SQL injection vulnerabilities. In the static analysis part, the method first analyses the source code, extracts the SQL statements and column names it contains, and creates a data item for each column name from the information in the code; it then applies identification criteria to match these data items and find the ordered groups of data items (data-item sequences) in the source code that may carry a second-order SQL injection vulnerability. In the dynamic testing part, the possibly vulnerable data-item sequences are confirmed further: each sequence is first converted into a valid test sequence, malicious inputs are generated for testing, and finally the malicious inputs and the test sequence are combined and executed, with the existence of the vulnerability determined from the system's response. Finally, the effectiveness and feasibility of the method are evaluated on four web applications; the experimental results show that the method accurately and effectively detects the second-order SQL injection vulnerabilities present.

The advantages of the method are: a high detection accuracy, detecting second-order SQL injection vulnerabilities effectively and making up for the shortcomings of other methods in this area; and the combination of static analysis with dynamic testing, in which static analysis makes full use of the program's internal information to narrow the scope of further testing and effectively reduce false negatives, while dynamic testing constructs actual attack instances and so compensates for the high false-positive rate of static analysis.
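The store-then-use pattern that the abstract describes, together with a simplified version of its data-item matching and dynamic confirmation steps, as an added example. This is illustrative code written for this page, not the thesis author's tool: the application handlers, the `users` table and its columns, the `EXTRACTED` records standing in for the static analyser's output, the regex-based identification criterion and the `admin'--` payload are all constructed assumptions, and the matching rule used here (a column stored from user input later compared unbound in another statement's WHERE clause) is a reconstruction of the idea, not the thesis's actual criteria.

```python
import re
import sqlite3

# ---- Part 1: constructed application handlers (assumed, not from the thesis) ----

def setup_db():
    """In-memory database with one pre-existing privileged account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'secret')")
    return conn

def register(conn, username, password):
    """First-order safe: bound parameters store the quote in the name literally."""
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                 (username, password))

def change_password(conn, session_username, new_password):
    """Second-order sink: the stored username is trusted and concatenated into SQL."""
    sql = ("UPDATE users SET password = '%s' WHERE username = '%s'"
           % (new_password, session_username))
    conn.execute(sql)

def change_password_fixed(conn, session_username, new_password):
    """Hardened form: data read back from the database is bound like any other input."""
    conn.execute("UPDATE users SET password = ? WHERE username = ?",
                 (new_password, session_username))

def get_password(conn, username):
    return conn.execute("SELECT password FROM users WHERE username = ?",
                        (username,)).fetchone()[0]

# ---- Part 2: simplified data-item matching (reconstruction of the static phase) ----

# Constructed stand-in for what a static pass would extract from the handlers above:
# (handler, SQL template, whether values enter bound as parameters or by concatenation).
EXTRACTED = [
    ("register", "INSERT INTO users (username, password) VALUES (?, ?)", "param"),
    ("login", "SELECT username FROM users WHERE username = ? AND password = ?", "param"),
    ("change_password", "UPDATE users SET password = '%s' WHERE username = '%s'", "concat"),
]

def written_columns(sql):
    """(table, column) pairs that an INSERT stores from its input values."""
    m = re.search(r"INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\)", sql, re.I)
    if not m:
        return set()
    return {(m.group(1).lower(), c.strip().lower()) for c in m.group(2).split(",")}

def concatenated_columns(sql):
    """Columns compared against a concatenated literal ('%s') in the WHERE clause."""
    parts = re.split(r"\bWHERE\b", sql, flags=re.I)
    if len(parts) < 2:
        return set()
    return {c.lower() for c in re.findall(r"(\w+)\s*=\s*'%s'", parts[1])}

def find_second_order_candidates(extracted):
    """Identification criterion used here: a column that one statement stores from
    user input is later matched unbound in another statement's WHERE clause.
    Result: ordered data-item pairs (store handler, table, column, sink handler)."""
    stores = {}
    for handler, sql, _mode in extracted:
        for table, col in written_columns(sql):
            stores[col] = (handler, table)
    pairs = []
    for handler, sql, mode in extracted:
        if mode != "concat":
            continue
        for col in sorted(concatenated_columns(sql)):
            if col in stores:
                pairs.append((stores[col][0], stores[col][1], col, handler))
    return pairs

# ---- Part 3: dynamic confirmation of a candidate pair ----

def confirm(pair, handlers):
    """Turn the pair into a test sequence (store, then trigger the sink) with a
    malicious input and judge by the resulting database state."""
    store, _table, _col, sink = pair
    conn = setup_db()
    payload = "admin'--"                    # closes the literal, comments out the rest
    handlers[store](conn, payload, "x")     # step 1: the payload is stored verbatim
    handlers[sink](conn, payload, "pwned")  # step 2: the stored name (as session identity) reaches the sink
    return get_password(conn, "admin") == "pwned"

def run_demo():
    """Candidates from the static phase, each confirmed against the vulnerable and
    the hardened sink."""
    vulnerable = {"register": register, "change_password": change_password}
    patched = {"register": register, "change_password": change_password_fixed}
    return [(p, confirm(p, vulnerable), confirm(p, patched))
            for p in find_second_order_candidates(EXTRACTED)]

if __name__ == "__main__":
    for pair, vuln, fixed in run_demo():
        print(pair, "vulnerable:", vuln, "after fix:", fixed)
```

The static phase only reports that `username` is stored by `register` and later compared unbound in `change_password`; it cannot know whether that path is exploitable. The dynamic phase settles it: the payload passes the parameterised `INSERT` untouched, and when the sink concatenates it, the `UPDATE` rewrites the `admin` row, so the check on the database state returns true for the vulnerable sink and false once the sink binds its parameters.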
【Degree-granting institution】: Tianjin University
【Degree level】: Master's
【Year awarded】: 2014
【Classification number】: TP393.08

Article number: 2389275

Link to this article: http://sikaile.net/guanlilunwen/ydhl/2389275.html
