
Design And Implementation Of Filter Module For Preventing SQL Injection Based On Static Analysis

Posted on: 2013-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: G Z Qin
Full Text: PDF
GTID: 2298330377959852
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of computer networks, Web applications based on the B/S (browser/server) structure are gradually replacing applications based on the C/S (client/server) structure, and Web application security has become a research focus for scholars in the field. SQL injection is one of the most serious threats to Web application security, so effective detection and prevention of SQL injection attacks is of great practical significance for guaranteeing the safety of Web applications. Traditional methods for defending against SQL injection include instruction randomization, penetration testing, input filtering and so on. These methods either cannot defend against all types of SQL injection attacks, or have very high false positive and false negative rates, or require the support of a server or database proxy, which makes deployment very complex.

In view of the shortcomings of the traditional defenses, this thesis proposes the design and implementation of a filter module for preventing SQL injection attacks based on static analysis, combining static analysis with dynamic testing. It first statically analyzes the source files of the Web application, extracts the structure of the paths along which user input reaches the parameters of executed SQL statements, and generates a policy document. During dynamic execution, it replaces the input parameters in the policy document with the values supplied by the user, and then determines whether the Web application is subject to a SQL injection attack by comparing the semantic and structural similarities and differences between the resulting SQL statement and the original SQL statement. The filter module is designed and implemented in Java.

Its deployment is simple, requiring no complex configuration of the server or database; it is able to prevent all kinds of SQL injection attacks, effectively improves the accuracy of detecting SQL injection attacks, and has a small cost. The experimental results show that the method is feasible and effective, and that it has little influence on the application's performance after the filter module is added. Compared with similar related work, it has certain advantages.
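The core of the approach described in the abstract is a structural comparison: the statically derived policy records the shape of each SQL statement with holes where user input is concatenated, and at runtime the statement built from the actual input is checked against that shape. The following Python is an added illustration of that check and is not the thesis's Java code (which is not on this page). The policy document format (a query template with '?' holes), the token classes and the two sample queries are all my own constructions for the example; a real deployment would derive the templates from the static analysis step rather than write them by hand.

```python
import re
from typing import List, Optional, Tuple

# Constructed "policy document": one template per SQL execution point found
# by static analysis. A '?' marks a position where user-controlled input is
# concatenated into the statement by the application code. When the
# application wraps the input in quotes, the template keeps those quotes.
POLICY = {
    "login": "SELECT id FROM users WHERE name = '?' AND pwd = '?'",
    "item":  "SELECT * FROM items WHERE id = ?",
}

KEYWORDS = {
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "INSERT", "INTO", "VALUES",
    "UPDATE", "SET", "DELETE", "UNION", "ALL", "LIKE", "IN", "IS", "NULL",
    "ORDER", "BY", "LIMIT", "JOIN", "ON", "AS", "DROP", "TABLE",
}

# Minimal SQL tokenizer. Order matters: string literals and comments must be
# tried before the single-character operators so that "--" and "/*" are not
# split into "-" "-" and "/" "*".
_TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<str>'(?:[^']|'')*')                 # single-quoted literal, '' = escaped quote
  | (?P<num>\d+(?:\.\d+)?)                  # numeric literal
  | (?P<comment>--[^\n]*|/\*.*?\*/|\#[^\n]*)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)        # keyword or identifier
  | (?P<op><>|<=|>=|!=|\|\||[=<>+\-*/(),;.])
  | (?P<hole>\?)                            # placeholder in a policy template
  | (?P<bad>.)                              # anything else (unterminated quote etc.)
""", re.VERBOSE | re.DOTALL)

Signature = List[Tuple[str, Optional[str]]]


def signature(sql: str) -> Signature:
    """Reduce a statement to its structure: every literal (and every template
    hole) becomes the same LIT token, so two statements that differ only in
    literal values have the same signature, while an input that adds keywords,
    operators or comments changes it."""
    sig: Signature = []
    for m in _TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind in ("str", "num", "hole"):
            sig.append(("LIT", None))
        elif kind == "word":
            upper = text.upper()
            sig.append(("KW", upper) if upper in KEYWORDS else ("ID", text))
        elif kind == "comment":
            sig.append(("COMMENT", None))
        elif kind == "op":
            sig.append(("OP", text))
        else:
            sig.append(("BAD", text))
    return sig


def instantiate(template: str, values: List[str]) -> str:
    """Rebuild the statement the application would execute by splicing the
    raw user values into the template holes (plain concatenation, exactly as
    the vulnerable code would do, so the check sees the real statement)."""
    parts = template.split("?")
    if len(parts) != len(values) + 1:
        raise ValueError("value count does not match template holes")
    return parts[0] + "".join(v + p for v, p in zip(values, parts[1:]))


def check(policy_name: str, values: List[str]) -> Tuple[bool, str]:
    """Return (allowed, statement). The statement is allowed only when its
    structure equals the structure recorded in the policy document."""
    template = POLICY[policy_name]
    sql = instantiate(template, values)
    return signature(sql) == signature(template), sql


if __name__ == "__main__":
    # Constructed sample inputs: benign values, an escaped quote, and inputs
    # that change the statement structure.
    for name, values in [
        ("login", ["alice", "s3cret"]),
        ("login", ["O''Brien", "pw"]),
        ("login", ["alice", "' OR '1'='1"]),
        ("login", ["admin'--", "pw"]),
        ("item", ["42"]),
        ("item", ["42 OR 1=1"]),
    ]:
        allowed, sql = check(name, values)
        print("ALLOW " if allowed else "BLOCK ", sql)
```

Because both the template and the runtime statement go through the same tokenizer, a benign value containing an escaped quote (O''Brien) still yields a single literal and passes, whereas a value that closes the literal early, appends a condition or starts a comment produces extra tokens and is blocked. A non-numeric value in a numeric hole ("id = abc") is also flagged, since an identifier token is not a literal. The policy comparison is only as good as the static analysis that produced the templates: an execution point the analysis missed has no template and therefore no check, which is the deployment caveat to keep in mind with this class of filter.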
Keywords/Search Tags: Static Analysis, Dynamic Test, SQL Injection Attack, Policy Document, Filter Module