Conference Topic

Test SQL Injection Vulnerabilities in Web Applications Based on Structure Matching

SQL injection, a popular attack against web applications, has become a serious security risk. However, traditional penetration test methods are insufficient to test SQL injection vulnerabilities (SQLIVs) in web applications. This paper presents a new test method called SMART, which automatically tests SQLIVs in web applications. SMART analyzes the SQL queries generated by web applications and uses a structure matching validation mechanism to determine whether SQLIVs exist. Comprehensive experiments show that SMART is effective in finding SQLIVs. Testing web applications with SMART can greatly improve their security against SQL injection.

SQL injection; web application; network security

Haiyan Wu, Guozhu Gao, Chunyu Miao

Computer & Information Center, Tsinghua University, Beijing, China

International conference

2011 International Conference on Computer Science and Network Technology (ICCSNT 2011)

Harbin

English

935-938

2011-12-24 (date first posted online on the Wanfang platform; does not represent the paper's publication date)