Design And Implementation Of Android Application SOL Injection Vulnerability Scanning System

With the rapid development of the Internet,Android mobile intelligent terminals have been widely used,and smart terminals have provided great convenience in people's lives.While fully exploiting their superiority,they also exposed the drawbacks of some applications.Android applications rely on the network to access server resources to provide services to users.When accessing network resources,various problems are prone to occur.Previous penetration testing methods and tools are mostly targeted at Web system level vulnerabilities,while Android mobile terminals are also ignored.such as SQL injection,unauthorized access,XSS attacks,etc.;security testers of Android applications,more use of the method of setting up the proxy,this manual test method is inefficient and takes a long time;For the SQL injection vulnerability,the traditional detection method ignores the regularity of the test case,which leads to long time and low detection accuracy,and cannot guarantee the efficient detection of all injection.This shows that the research on SQL injection vulnerability detection on the Android side is very necessary.This paper first introduces the development background of Android application and the necessity of SQL injection vulnerability research.It summarizes the causes of SQL injection vulnerability and the traditional detection methods.Then,through analyzing the existing vulnerability detection methods,two kinds of solutionare proposed:1.According to the difference of the injection position in the SQL statement,the SQL injection test case generation model based on the attack location is proposed.2.Using the characteristics of the recurrent neural network suitable for processing the time series data,the combination of binary search and recurrent neural network is proposed.Then,for the problem of low efficiency of Android mobile manual testing,the system uses autonatic testing framework and middleman technology to optimize,and finally design and implement the Android application SQL injection vulnerability scanning system.Compared with the traditional testing method,the system is testing efficiency and The detection accuracy has been improved.The specific work of the thesis is as follows:1.By analyzing the current vulnerability detection technology,this paper describes the research background and significance of the Android application SQL injection vulnerability scanning system.Then it summarizes the research status of previous Android applications and SQL injection vulnerabilities,and finally gives the organization structure of the paper.2.Explain the causes and classification of SQL injection vulnerabilities and the key technologies used to implement the Android application vulnerability scanning system:the appium automated testing framework,the middleman technology,the RNN technology,and the MVC mode.3.Analyze and design the Android application SQL injection vulnerability scanning system,including system overall requirements analysis,overall design,and module design.Then divide the system into four major modules:request trigger module,middleman module,SQL injection vulnerability scanning module,user control module.4.According to the platform requirements analysis and design,complete the implementation of each module,and use the core code,flow chart and effect diagram to display and explain in each module.5.Perform functional testing and performance testing on the system to continuously optimize system performance and ensure system operation stability.