SQL Injection Vulnerability Detection And Counter Based On Penetration Test

With the further popularization of the Internet and rapid development of computer network technology, Web technology has been widely used in various fields. Application system based on Web technology and database architecture has gradually become the mainstream, which has been widely used in internal and external business systems. However, the attendant is that security risks that Web application systems are facing have been growing with each passing day.Web security penetration test technology is a positive prevention technology contrary to Web applications. The theory of this technology is that it detects in a variety of ways against target system simulating the mode that hackers attacks Web applications before the application suffers attack. Among many methods of Web application attacks, SQL injection attacks is one of the most commonly used and most easy to implement one. So it’s the key for Web application system to achieve security of achieving the work of detection testing and counter against SQL injection vulnerability well to ensure security of the entire information infrastructure. It’s also an important research topic in network security.For above reasons, this paper studies prevention techniques and detection tools related to SQL injection vulnerabilities. It also compares the detection results of typical testing tools via experiments and summarizes detect characters of common testing tools. At last, it makes some improvement and summary for existing SQL injection vulnerability detection characters. Meanwhile, this paper uses common characters for SQL injection attacks to propose automated detection techniques for SQL injection vulnerability on basis of Selenium-a automated testing tool. Experiments show that test cases prepared by this technology can identify SQL injection attacks to a certain extent and has some identify function against possible unknown SQL injection point of Web application system. This provides a certain thought direction and reference value for the study of automated testing against SQL injection vulnerability.