With the growth of the Internet, Web applications are more widely deployed than ever, and their vulnerabilities face a correspondingly large threat: every year thousands of attacks target Web vulnerabilities. SQL injection is among the most common of these, so discovering and avoiding SQL injection vulnerabilities is not only a core task for security testers but is increasingly a concern for developers as well. This work is grounded in the security protection of the website and online business system of China Securities Registration and Settlement Co., Ltd., and focuses on detecting SQL injection vulnerabilities in Web applications. The main research topics are the web crawler, vulnerability detection, and report export.

Building on the MFC platform, we developed a system that detects SQL injection vulnerabilities with a simple, efficient and non-destructive method, combining multi-threading with a breadth-first search strategy to carry out the detection. The resulting system can scan large-scale Web applications, and its efficiency is very prominent. While analysing the content of HTML pages, it temporarily stores the HTML page files locally and places the analysis results in a queue for multi-threaded processing. The vulnerability display function offers several views of the data, including a database view, a list view and a detailed vulnerability information view, and vulnerability information reports can be exported in Word format at any time. In short, compared with other mainstream black-box security scanning tools, this system is characterised by strong pertinence, fast detection speed and a low false alarm rate.
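As an added illustration of the crawler architecture described above (a breadth-first frontier, a pool of worker threads, and a queue that hands analysis results to the detection stage), the Python sketch below is not part of the thesis or its MFC system. It crawls a constructed in-memory site instead of fetching over the network, and only inventories candidate injection points (URL query parameters and form fields) that a detection stage would test afterwards; the site content, host name and function names are assumptions.

```python
import queue
import re
import threading
from urllib.parse import parse_qs, urljoin, urlparse

SITE = {  # constructed in-memory site standing in for HTTP fetches (assumption: no network)
    "http://example.test/": '<a href="/list?cat=1">list</a> <a href="/about">about</a>',
    "http://example.test/list?cat=1": '<a href="/item?id=7&lang=en">item</a> <a href="/">home</a>',
    "http://example.test/item?id=7&lang=en": '<form action="/search"><input name="q"></form>',
    "http://example.test/about": '<a href="http://other.test/">external</a>',
}
LINK_RE = re.compile(r'href="([^"]+)"')
FORM_RE = re.compile(r'<form[^>]*action="([^"]+)"[^>]*>(.*?)</form>', re.S)
INPUT_RE = re.compile(r'<input[^>]*name="([^"]+)"')

def extract(url, html):
    """Return same-host links for the frontier and (endpoint, parameter) candidate injection points."""
    host = urlparse(url).netloc
    links = [u for u in (urljoin(url, h) for h in LINK_RE.findall(html))
             if urlparse(u).netloc == host]                          # stay on the scanned host
    endpoint = url.split("?", 1)[0]
    targets = [(endpoint, p) for p in parse_qs(urlparse(url).query)]  # query-string parameters
    for action, body in FORM_RE.findall(html):                          # form fields
        targets += [(urljoin(url, action), name) for name in INPUT_RE.findall(body)]
    return links, targets

def crawl(start, workers=4):
    """Breadth-first crawl with a worker pool; returns (pages visited, sorted unique targets)."""
    frontier, results = queue.Queue(), queue.Queue()   # FIFO frontier gives BFS discovery order
    seen, lock = {start}, threading.Lock()
    frontier.put(start)
    def worker():
        while (url := frontier.get()) is not None:     # None is the shutdown sentinel
            links, targets = extract(url, SITE.get(url, ""))  # real system: fetch + save HTML locally
            results.put(targets)                       # hand analysis results to the detection stage
            with lock:                                 # dedupe before enqueueing new pages
                new = [u for u in links if u not in seen]
                seen.update(new)
            for u in new:
                frontier.put(u)
            frontier.task_done()
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    frontier.join()                                    # every discovered page has been processed
    for _ in threads:
        frontier.put(None)
    for t in threads:
        t.join()
    return len(seen), sorted({t for batch in results.queue for t in batch})
```

Running `crawl("http://example.test/")` visits the four same-host pages and yields the parameters `cat`, `id`, `lang` and `q` as the inputs a detection stage would examine; the link to `other.test` is never followed.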