
Research And Implement Of Detecting SQL Vulnerability System Based On The Analysis Of Program

Posted on: 2016-05-29 | Degree: Master | Type: Thesis
Country: China | Candidate: Y H Wang
GTID: 2308330503950650 | Subject: Computer technology
Abstract/Summary:
In recent years, with the rapid development of Web technology, websites have become ever more closely tied to people's lives, from individuals who set up blogs to record their moods and activities to enterprises, institutions and government departments that set up websites to publish products, news and updates. People can do many things quickly and efficiently through websites, such as online shopping, social networking, search, mobile health care, mobile payment, education and insurance. The growth and spread of websites has brought great convenience to people's lives, but Web security issues lurk alongside it. SQL vulnerabilities are the most common security vulnerabilities in Web security. With the rise of big data, Web applications will become increasingly data-centric, and SQL vulnerabilities will naturally be a key point of Web security research. Research on the detection of and defense against SQL vulnerabilities is therefore of great significance to Web security.

To address these problems, this paper first introduces the attack principle of SQL vulnerabilities and the relevant detection techniques, discusses in detail the classical SQL vulnerability detection methods and the advanced technologies at home and abroad, and analyses and compares the advantages and disadvantages of the various methods. Secondly, it studies the theory of SQL vulnerability detection based on program analysis and designs a detection model for SQL vulnerabilities. The general framework mainly comprises a source code analysis module, a program activity analysis module, a parameter constructing module and an SQL vulnerability judgment module.

The root cause of SQL injection attacks is that an SQL statement constructed dynamically on the server side contains a malicious user's input and the server side has no sufficient validation mechanism. For this reason, the paper designs an SQL vulnerability detection method for PHP programs based on program analysis. The method combines dynamic and static analysis to examine an injected activity in detail from the aspects of data flow and control flow, and then applies an SQL decision algorithm based on the comparison of lexical features to detect SQL vulnerabilities through data simulation tests. Finally, the paper combines program analysis, lexical (morphological) feature comparison and the SQL vulnerability detection algorithm to design and build a prototype system for SQL vulnerability detection.

Analysis of the experimental data shows that the SQL vulnerability detection method based on program analysis can detect SQL vulnerabilities with a lower false-alarm rate, a lower miss rate, and a shorter running time.
Keywords/Search Tags: SQL vulnerability, dynamic and static combined analysis, program analysis, behavior model, lexical features
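The abstract's decision step, comparing the lexical features of the SQL produced under simulated inputs, can be sketched as follows. This is an added illustration, not code from the thesis: the lexer, the two query builders (Python stand-ins for PHP code under test), the probe values and all function names are assumptions.

```python
import re

# Minimal SQL lexer (assumed; the thesis's lexer is not shown on this page).
TOKEN_RE = re.compile(r"""
    (?P<STR>'(?:[^'\\]|\\.|'')*')          # closed single-quoted literal
  | (?P<NUM>\d+(?:\.\d+)?)
  | (?P<WORD>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<COMMENT>--|\#|/\*)
  | (?P<OP><=|>=|<>|!=|[=<>(),;*.+\-/])
  | (?P<BADQUOTE>')                        # quote that closes no literal
""", re.VERBOSE)

def lexical_shape(sql):
    """Token sequence with data values collapsed to their type."""
    shape = []
    for m in TOKEN_RE.finditer(sql):
        if m.lastgroup in ("STR", "NUM"):
            shape.append(m.lastgroup)        # 'alice' and 'bob' look the same
        else:
            shape.append(m.group().upper())  # keywords, names, operators kept
    return tuple(shape)

def build_concat(name):
    # Stand-in for PHP: "... WHERE name = '" . $_GET['name'] . "'"
    return "SELECT id FROM users WHERE name = '" + name + "'"

def build_escaped(name):
    # Stand-in for a sink that neutralises quotes before concatenation
    # (parameterized queries remain the preferred fix in real code).
    return "SELECT id FROM users WHERE name = '" + name.replace("'", "''") + "'"

# Constructed simulation inputs: values that try to leave the string literal.
PROBES = ["x'", "x' OR 'a'='a"]

def is_injectable(build, benign="alice", probes=PROBES):
    """Flag the sink if any probe changes the query's lexical shape."""
    baseline = lexical_shape(build(benign))
    return any(lexical_shape(build(p)) != baseline for p in probes)

if __name__ == "__main__":
    for fn in (build_concat, build_escaped):
        print(fn.__name__, "injectable:", is_injectable(fn))
```

A benign value only ever fills one literal slot, so any probe that adds, removes or reorders tokens shows that user input reached the statement as SQL rather than as data.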