| The rapid development of Web technology has brought great convenience to people's life,but the security problem is becoming more and more serious in the process of design,development and deployment.There are many Web security problems which are threaten the security of Web applications.In particular,SQL injection vulnerability attacks that appear for a long time and have a wide range of hazards.At present,the research of SQL injection vulnerability detection for Web applications has two categories,static testing and dynamic testing.Static testing also can combine with other techniques like data mining,machine learning and mutation testing,while dynamic testing most use spider.Most of the researches about SQL injection focus on the first-order SQL injection,but seldomly consider the second-order SQL injection.In this paper,based on the analysis,a chopping-based method is proposed to detect the second-order SQL injection.The chopping technology is introduced into the static taint analysis.There are three steps in the analysis process.Firstly,program under test are initialized and the system dependence graph is established,then chopping on the system dependence graph is executed to get the tainted data propagation path,which was first-order SQL injection path.Secondly,the SQL statements in those paths must be used to get the second-order operation pairs,and those paths are matched to the suspected second-order SQL injection paths.Finally,the attack vector is constructed to verify the existence of the vulnerabilities that are hiding in Web applications.According to the method proposed in this paper,experiments were conducted on several Java Web applications.Experimental results show that the proposed method can effectively detect the second-order SQL injection vulnerability,and the false positive rate was lower then the compared method. |
PDF Full Text Request