Excerpt from the paper
As web application technology has developed, developers have readily adopted it to build applications. However, knowledge of web application security protection has largely been neglected, which has led to SQL injection attacks [1]. In the latest top ten critical web application risks published by OWASP, ranked by vulnerability risk, injection attacks rank first. Because SQL injection vulnerabilities are widespread, cause many kinds of harm, and are exploited by attackers through diverse methods, research on the attack principles of SQL injection and on methods for detecting and preventing it has important practical significance. Addressing these security concerns, this paper presents an experimental analysis of a variety of injection attack techniques and also proposes several new injection techniques. It covers detection and scanning methods in the attack preparation phase; guessing, time delay functions and the use of database tables in the attack execution phase; and network backdoors in the post-processing phase.