论文信息 - Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Targeting at PHP program, this paper proposes an SQL vulnerability detection method based on the injection analysis technology. This method makes a detailed analysis on the one-time injection in the aspects of data flow and program behavior, on the basis of the combination of dynamic and static analysis technique. Then it implements the SQL vulnerability determination algorithm which is based on lexical feature comparison. At last, this paper combines alias analysis technology, behavior model and SQL which is based on lexical feature comparison to design and establish a prototype system for SQL vulnerability detection. The experiment shows that our system has a good strong ability of SQL vulnerability detection and very low time cost.

Dan Wang | Wenbing Zhao | Yuan Liu | Yaohui Wang

[1] Oscar H. Ibarra,et al. Automata-based symbolic string analysis for vulnerability detection , 2014, Formal Methods Syst. Des..

[2] Ma Xiao-ting. Research on Detection and Prevention Technologies for SQL Injection Vulnerability , 2010 .

[3] Alwyn Roshan Pais,et al. Model Based Hybrid Approach to Prevent SQL Injection Attacks in PHP , 2011, InfoSecHiComNet.