The Research Of SQL Injection Vulnerability Detection Method Based On Static Analysis

Posted on: 2016-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Liu
GTID: 2428330473965655
Subject: Computer Science and Technology
Abstract/Summary:
With the popularity and rapid development of the Internet, and especially the emergence of Web 2.0 technology, Web applications have made great progress. Their functions now include instant messaging, data storage, online shopping, and online payment, and their users have become a very large and stable group. Therefore, once a Web application suffers from security problems, users are directly affected and, what is worse, some may suffer economic losses. Among Web security problems, Web vulnerabilities are the most serious and have great influence. SQL injection is the most popular vulnerability and it is damaging. Detecting SQL injection vulnerabilities rapidly and accurately is therefore of great significance for ensuring the security of Web applications and for the subsequent fixing. Some commercial and open source detection tools used today generally have long detection times, and some of them have a low correct rate. To solve these problems, this paper proposes an improved SQL injection detection method based on static analysis. Static analysis is an effective method of SQL injection vulnerability detection; lexical analysis, type inference, data flow analysis and symbolic execution are the methods it often uses, and they examine the properties of program variables and functions without actually executing the program. We use lexical analysis, data flow analysis and the rank algorithm based on program spectrum to detect the vulnerabilities. In this paper, we implement a SQL injection detection system called QSA_scanner. The system is written in PHP and detects SQL injection vulnerabilities in PHP programs. It is composed of a marking module, an analysis module and an output module. The marking module is used for dividing the code and markup; the analysis module is used for data flow analysis, and it updates the vulnerability function library to avoid duplicate analysis; the output module is used for outputting the results. Experiments show that the system performs well in false positive rate and false negative rate and, compared to other detection tools, consumes less detection time.
Keywords/Search Tags: SQL Injection Vulnerability, Static Analysis, False Negative, False Positive