
Research Of SQL Injection Vulnerability Test Case Generation Based On Context-Free Grammar

Posted on: 2018-10-02
Degree: Master
Type: Thesis
Country: China
Candidate: F L Xu
GTID: 2348330542990797
Subject: Computer Science and Technology
Abstract/Summary:
SQL injection is a class of application security vulnerability and a serious threat to application security. OWASP has ranked SQL injection vulnerabilities as one of the most dangerous web security vulnerabilities for ten years. Although SQL injection security issues have been studied in depth, the study of SQL injection vulnerability test cases still has shortcomings. There are a large number of SQL injection vulnerabilities, but the number of vulnerabilities that test cases can cover is small, and the number of test cases that can trigger SQL injection vulnerabilities is even smaller. These problems lead to low vulnerability coverage and weak vulnerability detection ability.

To address these problems with SQL injection test cases, this thesis proposes a method of generating test cases using a context-free grammar. To improve the detection rate of the test cases under a security verification mechanism, this thesis also improves the test cases using a mutation method. First, this thesis analyzes the characteristics of the test cases and formalizes them; based on these characteristics, it uses a context-free grammar to generate test cases. Second, this thesis analyzes the defensive mechanisms against SQL injection and summarizes the characteristics of the mutation methods that bypass the security mechanism. Finally, this thesis uses the mutation method to optimize the test case set generated by the context-free grammar and to generate new test case sets.

In the experiments, the test case set generated by the context-free grammar, the test case set collected manually, and the test case library of the sqlmap scanning tool are first tested in an environment without a security verification mechanism. The results show that the coverage ratio of the test cases generated by the context-free grammar is higher than that of the other two test case sets. Second, the test cases generated by the context-free grammar and the test cases optimized by the mutation method are tested both without and with security verification. The results show that the vulnerability detection ability of the test case sets after mutation is stronger and more stable than before mutation. Finally, the validity of test cases is compared among the test case set collected manually, the test case set generated by the context-free grammar, and the test case set after mutation. The results show that the generation rules based on context-free grammar, together with the mutation techniques, can generate more effective test cases for triggering vulnerabilities.
Keywords/Search Tags: SQL injection, test case generation, context-free grammar, mutation method