• DocumentCode
    3658503
  • Title

    Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology

  • Author

    Yaohui Wang;Dan Wang;Wenbing Zhao;Yuan Liu

  • Author_Institution
    Beijing Univ. of Technol., Beijing, China
  • Volume
    3
  • fYear
    2015
  • fDate
    7/1/2015 12:00:00 AM
  • Firstpage
    604
  • Lastpage
    607
  • Abstract
    Targeting at PHP program, this paper proposes an SQL vulnerability detection method based on the injection analysis technology. This method makes a detailed analysis on the one-time injection in the aspects of data flow and program behavior, on the basis of the combination of dynamic and static analysis technique. Then it implements the SQL vulnerability determination algorithm which is based on lexical feature comparison. At last, this paper combines alias analysis technology, behavior model and SQL which is based on lexical feature comparison to design and establish a prototype system for SQL vulnerability detection. The experiment shows that our system has a good strong ability of SQL vulnerability detection and very low time cost.
  • Keywords
    "Algorithm design and analysis","Computer bugs","Testing","Analytical models","Arrays","Feature extraction","Prototypes"
  • Publisher
    ieee
  • Conference_Titel
    Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual
  • Electronic_ISBN
    0730-3157
  • Type

    conf

  • DOI
    10.1109/COMPSAC.2015.277
  • Filename
    7273432
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3658503