SQL Injection Vulnerability Detection And Counter Based On Penetration Test

At present, there are security vulnerabilities in many Web applications. This situation brings great security threats to personal privacy and other sensitive data for Web systems.SQL injection vulnerability is one of the most serious security risks. It has universality?multiplicity of hazard and characteristics of a variety of attacks and affects the normal operation of the Web application system. On the basis of SQL injection attack principle and the method to detect and prevent SQL injection, the research in this paper presents SQL injection vulnerabilities detection framework which is based on a SQL injection vulnerability classification and fuzzy test and SQL injection attack layered defense model.This paper firstly introduces the SQL injection attack and penetration testing technique for Web systems and analyzes the SQL injection attack detection and prevention methods.Secondary, the SQL injection vulnerability classification and penetration testing of SQL injection vulnerabilities detection framework is proposed, meanwhile, a SQL injection attacks layered defense model is put forward which combines the defense method in client and server, the security strategy of database and system. Then the SQL injection attack detection model and QL injection attacks layered defense model is designed and implemented. Finally, demonstrating the two models which is constructed in this paper by the experiment.The experimental environment set up in this paper uses ASP.NET and IIS server and Visual Studio development. Combining with the actual development of the experiment, the operation and test environment, demonstrating the built SQL injection vulnerabilities based on classification and fuzzy test of SQL injection vulnerabilities detection framework and the SQL injection attacks layered defense model, to prove the feasibility of the SQL injection attack detection method proposed and the effectiveness of the method to prevent SQL injection attacks. At the same time,compared with the current several SQL injection attack detection tools and SQL injection attacks defense method, to verify the method in the detection and defense efficiency and detection which are puts forward in this paper have the Characteristics of the accuracy is superior to existing methods or models.