The Research And Implementation Of The Attacking And Defencing Technology On The Database System

Posted on: 2009-04-28
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Chen
Full Text: PDF
GTID: 2178360272457470
Subject: Control Engineering

Abstract/Summary:
Information warfare is an important operational method of our army in the new period. As the main target in information warfare, the database system, which undertakes massive information-processing tasks, is the key to winning it. Research focused on database security testing technology will therefore play a vital role in penetrating information systems and protecting database security.

SQL injection and TDS protocol testing are two important techniques for database security testing and are the focus of this thesis. SQL injection attacks, which are high-risk, frequent and widespread, have been popular in recent years, and checking for SQL injection has become a key step in protecting database security. Based on the theory and practice of SQL injection, the thesis summarizes SQL manipulation, code injection, function call injection and buffer overflow. Improvements to the checking and guessing steps have further improved the accuracy and efficiency of SQL injection.

TDS protocol testing is another important technique for database security testing, and a trend and new direction in the security testing field. The thesis introduces block-based protocol analysis for TDS protocol testing. Three testing methods (data mutation, string, and field combination) are implemented, and special packets are designed around the length and content of the test strings for validity and agility.

A prototype system based on SQL injection and TDS protocol testing is introduced and tested. Its validity is demonstrated by testing against the test objects and two known vulnerabilities of MS SQL Server.

The research is of vital significance for protecting database security. It may help administrators find potential security problems and even develop methods for discovering vulnerabilities that are not yet public.
Keywords/Search Tags: SQL injection, TDS protocol, Fuzzing, block-based protocol analysis