| With the rapid development of computer network technology, web technology has been widely applied in every field, and the security risks that web applications face have gradually increased. Because developers lack secure programming knowledge or experience, some vulnerabilities inevitably exist in web applications; among them, SQL injection is one of the most common. Web application security vulnerability detection is a technology that can actively defend web applications against attacks. It simulates the way hackers attack in order to carry out various tests on the system and discover potential vulnerabilities in the target system before the application is attacked. Because web applications work at the application layer, over HTTP, traditional network protection equipment such as firewalls and IDS can do nothing against attacks on them. A web application detection tool is therefore needed to protect the security of the application-layer protocol HTTP; the two work together to protect the security of web applications. Web applications have many different vulnerabilities; this paper studies the SQL injection vulnerability specifically. In the web application security risk report published by OWASP, SQL injection is the vulnerability that receives the most attention from hackers among all the vulnerabilities. The vulnerability is likely to be exploited, so studying SQL injection is very meaningful work. First, the paper analyzes the severe situation facing web application security, introduces the main current web application detection tools, and analyzes their advantages and deficiencies. Then the causes of the SQL injection vulnerability, its characteristics, the SQL injection attack process, and the measures for defending against this kind of attack are studied. 
In addition, SQL injection vulnerability detection technology is studied. Based on these results, the framework of a web security testing system is designed, the function and operating principle of each main component module are explained, and a prototype of the system is implemented. A testing environment is then built and a functional test of the system is carried out. The test results largely meet the expected goals. Finally, the shortcomings of the system that need to be modified are analyzed, and the next steps are pointed out. |