Design And Implementation Of SQL Injection Detection Scanner

With the rapid development of computer network, network applications are becoming more and more popular. Network security is a key problem which is derived from the development of the network. And for more and more application sites of the attack is inevitable to become a network security is an important topic. And SQL injection attack is an important offensive and defensive hotspot of network security. SQL injection attacks not only affect the normal operation of the application site, but it is possible to make the application of the site’s important data were leaked and tampered. SQL injection attacks through the network penetration, and even to obtain the control of all the LAN system. Is not only the government or enterprises, in the face of such a situation will cause serious impact and huge economic losses. So, it is very important to study the detection and defense technology of SQL injection attack.The Article is Researching SQL injection attacks, combined with the Research in China and abroad of SQL injection attack and defense technology, exploring the SQL injection attacks reason, technical characteristics, attack principle and attack Process. And then introduce the related crack technology and Trojan horse technology, and compared to some of the existing mature SQL injection attack analysis tool. After a comprehensive analysis of various research, design and implementation of a SQL injection detection scanner.The Article designs and realizes the SQL injection detection scanner, which mainly consists of ten functional modules, which are scanning website address module, SQL injection detection module, database guess and injection module, URL module, data dictionary module, database table basic information guess solution module, information guess solution module, manual expert injection module and Trojan generation module. SQL injection detection scanner can scan the site quickly, search suspicious SQL injection point, and injection detection the suspicious SQL injection point, after the injection is confirmed, It can be guess the database type, database tables, and database content. SQL injection detection scanner is also provide the artificial expert injection module which can easy to carry out manual analysis and help people find SQL injection vulnerabilities in the dynamic web site, analysis of the threat of SQL injection vulnerabilities to better protect the safety and reliability of the dynamic website. At last, combined with the Research in China and abroad of SQL injection attack and defense technology, Summarize and propose the defense technology of SQL injection attack. The research is mainly from the code layer and platform layer defense technology.