Web Application Model Based Second-order SQL Injection Test Suite Generation

Web applications are widely used in various fields of today's society.Although it brings great convenience to people's lives,it also brings many security risks.SQL injection vulnerabilities have always been one of the main problems that threaten the security of web applications.Among them,second-order SQL injection vulnerabilities are subtler and more threatening than first-order SQL injection.The detection usually depends on the prior knowledge and experience of testers.The current detection methods for second-order SQL injection vulnerabilities have problems such as limited with environment and low detection efficiency.In order to solve these problems,this paper proposes a second-order SQL injection test suite generation method based on the web application client behavior model.The main research contents are as follows:1.A detailed analysis of the structure and formation principle of second-order SQL injection vulnerabilities is given,and the definition of the client behavior model is given.The relationship between the client behavior model and the web application test cases is established to lay the foundation for subsequent research.2.Define the migration Topo graph to describe the execution sequence and relationship that should be satisfied by the migration that leads to the test suite triggering vulnerabilities,and propose a method for generating Topo graph based on runtime detection technology.This method first generates and executes an initial set of test cases to obtain the mapping relationship between transitions and SQL statements,and then generates a Topo Diagram by analyzing the dependency relationship between SQL statements.3.A test sequence generation algorithm based on Topo graph is proposed.In order to ensure the diversity of attack vectors in test cases,the automatic generation rules of attack vectors represented by the Bacos paradigm are designed,and in order to reduce the complexity of the rule,the Bacos paradigm is improved to improve the efficiency of attack vector generation.Experimental results show that the method in this paper can effectively detect vulnerabilities and is superior to the existing mainstream second-order SQL injection vulnerability detection methods.In view of the similarity between second-order SQL vulnerability and storage XSS vulnerability,this paper also applies this method to the detection of storage XSS vulnerabilities,and related experiments are carried out.The experimental results show that this method can also effectively guide the detection of storage XSS vulnerabilities.