Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

Targeting at PHP program, this paper proposes an SQL vulnerability detection method based on the injection analysis technology. This method makes a detailed analysis on the one-time injection in the aspects of data flow and program behavior, on the basis of the combination of dynamic and static analysis technique. Then it implements the SQL vulnerability determination algorithm which is based on lexical feature comparison. At last, this paper combines alias analysis technology, behavior model and SQL which is based on lexical feature comparison to design and establish a prototype system for SQL vulnerability detection. The experiment shows that our system has a good strong ability of SQL vulnerability detection and very low time cost.