
Research On The Rapid SQL Injection Vulnerability Detection Technology

Posted on: 2018-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: S M Zhang
Full Text: PDF
GTID: 2348330512473666
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the Internet, Web applications are becoming more and more mature and complex. Because Web applications offer rich functions and make it easy to compare, process and propagate information through the Internet, they have become popular attack targets. Hence, in order to protect the security of Web applications, it is necessary to detect their vulnerabilities beforehand. According to the Top 10 Web application vulnerabilities announced by OWASP in 2013, injection vulnerabilities (in particular, SQL injection) rank first. The study of SQL injection vulnerability detection techniques therefore has very practical significance.

This paper first introduces the background and significance of SQL injection vulnerability research, and then gives an overview of both domestic and overseas research on SQL injection vulnerabilities. We find that this research mainly focuses on the adequacy and accuracy of the payloads, and does not study the relevance and uniqueness of the large number of payloads. Furthermore, during SQL injection vulnerability detection, the test cases are chosen randomly from the payloads, without attention to the regularity of the payloads. In this paper, we first give a basic introduction to the SQL injection vulnerability, and then introduce some advanced detection techniques for blind SQL injection. Finally, to address the flaws of the existing detection techniques, we propose some optimizations and improvements from the perspective of the SQL injection payloads. The details are as follows:

(1) Letter frequency based optimization. In some circumstances, the existence of a SQL injection vulnerability is certain. When plaintext keywords need to be guessed, we take into account the frequency of letters in words and propose letter frequency based guessing to improve the efficiency of detection. Furthermore, we also propose two-letter frequency based guessing to reduce the number of queries.

(2) Optimization based on the combination of letter frequency and binary-tree searching. Sometimes we cannot be sure whether the keywords have been encrypted, or there may be some special characters in the keywords. For this situation, we propose guessing based on the combination of letter frequency and binary-tree searching. This first conducts a letter frequency based guess, and then leverages binary-tree searching. Compared with searching the whole alphabet, this greatly improves the efficiency of detection.

(3) Auto expansion based optimization. To address the relevance of the test cases, this paper proposes auto expansion methods to automatically choose a payload that could potentially be used for SQL injection vulnerability detection. This paper mainly focuses on five aspects of auto expansion: case sensitivity expansion, transcoding expansion, SQL note expansion, null byte expansion, and separation and balance expansion.

(4) Cache weighting based optimization. To address the flaw of choosing test cases at random, this paper proposes a method to choose the test cases in sequence. We first sort the payloads, then set up a cache mechanism under every classification and put the highly weighted test cases in the cache. This cache mechanism also has the feature of dynamic substitution. During SQL injection vulnerability detection, we first choose a payload from the cache; if it does not succeed, we then choose the payloads outside the cache in sequence.

Many experiments show that the optimized methods proposed in this paper do improve the efficiency of the detection process, and the advantages are more distinct in the detection of large-scale projects.
Keywords/Search Tags: SQL Injection, payloads, Letter frequency, binary-tree searching, Auto expansion, Cache weighting