Netinfo Security ›› 2016, Vol. 16 ›› Issue (2): 66-73. doi: 10.3969/j.issn.1671-1122.2016.02.011

• Original Article •

Research and Analysis on the Novel SQL Injection and Defense Technique

Xin LI¹, Weiwei ZHANG¹, Zichang SUI², Lixin ZHENG¹

  1. College of Engineering, Huaqiao University, Quanzhou Fujian 362021, China
  2. Information and Computer Engineering College, Northeast Forestry University, Harbin Heilongjiang 150000, China
  • Received: 2015-12-15 Online: 2016-02-10 Published: 2020-05-13

Abstract:

SQL injection is one of the most serious threats to Web security, and new injection techniques have emerged in recent years. Researchers have focused more on detecting and preventing traditional SQL injection than on the novel techniques. After introducing traditional SQL injection and existing defense technologies, this paper introduces client SQL injection, detection bypass and second-order SQL injection. Finally, we compare 5 traditional SQL injection technologies and 3 new SQL injection technologies in terms of effects and prevention. Analysis of the injection effect shows that the new SQL injection technologies cause great harm, have wide influence, and rely on manual implementation. Analysis of the defense methods shows that although the new SQL injection technologies can break through some traditional defense schemes, existing defense technology can still defend against them effectively. At the end of the analysis, a suitable Web defense scheme for each technology is proposed.

Key words: SQL injection, Web security, Web defense

CLC Number: