Penetration test method using blind SQL injection based on second-order fragment and reassembly
How to get rid of the blindness of current SQL injection penetration tests, produce optimized SQL injection attack patterns, enhance the effectiveness of the attack generation phase, and improve the accuracy of SQL injection vulnerability detection using penetration tests is a big challenge. I...
Main Authors: | De-guang LE, Sheng-rong GONG, Shao-gang WU, Feng XU, Wen-sheng LIU |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2017-10-01 |
Series: | Tongxin xuebao |
Subjects: | SQL injection; penetration test; attack model; second-order fragment and reassembly |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017238/ |
_version_ | 1841539527635632128 |
---|---|
author | De-guang LE; Sheng-rong GONG; Shao-gang WU; Feng XU; Wen-sheng LIU |
collection | DOAJ |
description | How to get rid of the blindness of current SQL injection penetration tests, produce optimized SQL injection attack patterns, enhance the effectiveness of the attack generation phase, and improve the accuracy of SQL injection vulnerability detection using penetration tests is a big challenge. To resolve these problems, a new penetration test method using blind SQL injection is proposed, based on second-order fragment and reassembly. In this method, an SQL injection attack model is built first, and then multiform and multi-type attack patterns for SQL injection penetration testing are produced, driven by that model, which reduces the blindness of SQL injection penetration testing and improves the accuracy of SQL injection vulnerability detection. SQL injection vulnerability detection experiments were conducted on actual Web applications, comparing the proposed method with current methods. The analysis of the test results shows that the proposed method performs better than the other methods, which not only proves the effectiveness of the proposed method but also improves the accuracy of SQL injection vulnerability detection by reducing false negatives in a defensive environment. |
format | Article |
id | doaj-art-a5608d05d8284d97bc2172bf635309c7 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2017-10-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Penetration test method using blind SQL injection based on second-order fragment and reassembly |
topic | SQL injection; penetration test; attack model; second-order fragment and reassembly |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017238/ |