Research And Implementation Of SQL Injection Vulnerability Detection System Based On Fuzzing

Posted on: 2018-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: X Z Wang
GTID: 2348330515998094
Subject: Engineering

Abstract/Summary:
With the rapid development of network technology, web technology is widely used in various fields, such as online shopping, fee payment, online banking and a variety of social networking sites. While these web applications bring us convenience, they also carry security risks. Because the technical level of system developers varies, the web applications they develop will inevitably contain vulnerabilities. SQL injection is one of the most common of these vulnerabilities. With the method of SQL injection, hackers using these vulnerabilities will tap user information, steal sensitive data and seek great benefits. Therefore, it is very important to study the problem of detecting SQL injection vulnerabilities. Firstly, the grim security situation of web applications is analyzed, the methods of detecting SQL injection vulnerabilities at home and abroad are studied, and their advantages and disadvantages are analyzed. The causes of SQL injection vulnerabilities, the principles of SQL injection attacks and the commonly used SQL injection vulnerability detection methods are studied. Existing SQL injection vulnerability detection systems have some problems, such as high missing alarm and false alarm rates. Multi-threaded crawler technology and the MD5 algorithm are used to solve these problems: the website links are crawled and the duplicate links are filtered. A method of generating test cases based on fuzzing technology is proposed. Different feature templates are created according to the use case characteristics. These test case feature templates are randomly combined, and a large number of test cases are dynamically generated. Finally, the test cases are deformed using the filtering rule. The test cases generated by this method can bypass the filtering mechanism of the web application, so the accuracy of vulnerability detection is improved. An improved page comparison algorithm based on DOM tree sequence value comparison is used to detect the SQL injection vulnerabilities. The security of the web application is evaluated by this method, and its security level is determined. Based on this, the SQL injection vulnerability detection system based on fuzzing is designed and implemented. Using three evaluation indexes (detectable amount, missing alarm rate and false alarm rate), the system designed in this paper is compared with other detection tools. The results show that the SQL injection vulnerability detection system can detect the vulnerabilities more accurately and can reduce the missing alarm and false alarm rates.
Keywords/Search Tags: Fuzzing, Vulnerabilities Detection, Web Crawler, SQL Injection