Netinfo Security (信息网络安全), 2015, Vol. 15, Issue (9): 129-134. doi: 10.3969/j.issn.1671-1122.2015.09.030

• Selected Papers •

Research on SQL Injection Attack and Defense Technology

Wen-sheng LIU¹, De-guang LE², Wei LIU¹

  1. Public Information Network Security Supervision Detachment, Quanzhou Public Security Bureau, Quanzhou, Fujian 362000, China
  2. School of Computer Science, Changshu Institute of Technology, Suzhou, Jiangsu 215500, China
  • Received: 2015-07-15 Online: 2015-09-01 Published: 2015-11-13
  • About the authors:

    Wen-sheng LIU (born 1968), male, from Fujian, engineer, bachelor's degree; main research interest: computer network security protection. De-guang LE (born 1975), male, from Fujian, associate professor, Ph.D.; main research interests: information security and computer security. Wei LIU (born 1985), male, from Jiangsu, bachelor's degree; main research interest: data encryption and decryption.

  • Funding:
    National Natural Science Foundation of China [61202440, 61170124]

Abstract:

With the rapid development of computer network technology, people depend more and more on ubiquitous networks, and the resulting series of network security problems is receiving increasing attention. At present, SQL injection has become one of the primary means of attack used by hackers. This paper introduces the principle of SQL injection, studies in depth the causes of SQL injection and the common SQL injection attack methods encountered in practice, and, on the basis of actual penetration testing practice, proposes a new SQL injection detection technique and its implementation as a tool. This provides strong technical support for future testing of SQL injection attacks and a strong safeguard for information systems in defending against SQL injection.

Key words: SQL injection attack, penetration testing, defense

CLC number: