| Web applications become gradually one of the mainstream of software development.What was coming is the various vulnerabilities exists in Web applications,for example,SQL attack which has caused huge losses in daily life,routine work and learning.In order to solve vulnerabilities exists in the Web,this paper released a detective and defensive system based on general protocol for SQL injection attack.This paper comes up with detective and defensive system based on general protocol for SQL injective attack under the IPS device,which rely on the analysis of SQL injection attack's traffic and combine with attacking character and attacking principle of SQL injection attack.The system create generalized and layering SQL injection attack's model,feature library of SQL injection attack's common rules,by studying character of SQL's language and basic operating language,comparing performance of common database,analyzing SQL injective detection tool's detective character and virtual attacking environment,simulating SQL injection attack and abstracting traffic,analyzing attacking point and method of bad traffic.This system takes common rules into rule-library of IPS device and simplifies SQL injection attack's rule exists in the rule-library.Finally,taking action of passing,warming or stopping to uplift internet security combine with detecting of Internet traffic bag under IPS device 's rule-library.Designing experiment to testify effectiveness of system create above,the result indicates that detective and defensive system is effective,and decrease the number of rules,memory and the non-response rates. |
PDF Full Text Request