| With the rapid development of Internet technology, web applications have beenwidely used in a variety of business fields. A large number of data-driven webapplications have been developed to provide services and thereupon vulnerabilitieshave become a serious threat to the safety of web applications.SQL injection is is onetypical kind of web application security vulnerabilities. Many effective methods andtools have been proposed to detect it, however, these methods mainly focus on thefirst-order SQL injection attacks and few of them support the second-order SQLinjection detection.In this paper, based on the depth analysis of second-order injection principle andprocess, we abastract the attack process and propose a second-order SQL injectiondetecting method which integrates the use of both static and dynamic methods. Firstly,the vulnerable data item pair which probably has the second-order SQL injectionvulnerability is found from the source codes. The pair is then transformed into aneffective test sequence which is finally incorporated with the malicious input fortesting.Test results of applying the method to four real applications show itseffectiveness in the detection of second-order SQL injection.This method has the following advantages: high detection accuracy, it caneffectively detect second-order SQL injection vulnerabilities and make up forsecond-order SQL injection detection deficiency. The method combines static analysisand dynamic testing. Through static analysis, it takes full advantage of the programinternal information, greatly narrowes the scope of further testing and effectivelyreduces the omission; through dynamic testing, it creates the actual attack instances tomake up for the shortcomings of static analysis false positive rate. |
PDF Full Text Request