Research on Threat Detection of SQL Injection Attacks in Large Scale Web Applications

Research on Threat Detection of SQL Injection Attacks in Large Scale Web Applications

연구 분야: Databases

학회: 2024 International Seminar on Artificial Intelligence, Computer Technology and Control Engineering (ACTCE)

Web applications are susceptible to SQL conventional injection, second-order injection, or blind injection attacks during operation, bring security threats to web system data, user privacy, or sensitive data. To reduce the impact of SQL injection on system vulnerability attacks, a fuzzy testing vulnerability detection technology for web applications and servers is proposed. A fuzzy testing SQL injection vulnerability detection model framework is established. The information collection module and fuzzy detection mod ule of the vulnerability detection framework are used, and keyword encoding, mixed case encoding, and structured query language (SQL) statement annotations are used to complete parameter queries and hierarchical detection of level 0, level 1, and level 2 vulner abilities through detection processes such as restructuring and bypassing. Finally, an experimental environment is built using soft ware and hardware such as ASP. NET, Microsoft Visual Studio, and IIS server to demonstrate the SQL injection vulnerability detection model based on fuzzy testing technology. The simulation results show that the SQL injection vulnerability detection model based on fuzzy testing method, compared to the SQL injection attack detection method of web application source code based on pro gram slicing technology, is validated in different levels of vulnerability detection. The detection effect is better (reaching over 90%).