Research And Implementation About SQL Server Security Assessment Based On Windows

With the advent of big data,database technology has become more important.At present,the database security protection measures have been mature,but there are still some deficiencies,such as baseline examination and vulnerability scanning automation,the SQL injection methods facing false positives and false negatives,etc.This thesis analyzes the existing problems of database security evaluation methods and tools,do implementation on database security baseline based on application environment,improve Nessus scan strategy and propose a detection model based on parameterized queries against SQL injection attack.In order to verify the feasibility,this thesis realizes the system.The baseline examination module realize the function that examine database baseline automatically by managing target devices and scanning tasks,which makes up for the deficiency of the baseline standard according to application environment.Vulnerability scanning by using the improved scan strategy,solve the problem which Nessus lack scanning strategy for a single type of equipment.SQL injection attacks detecting and defensing module combines and modifies the user input filtering method and dynamic analysis method,proposing a new method based on parameterized queries which has higher accuracy and efficiency rate.