摘要
SQL注入攻击被列为oWASP(open Web application security project)2010年和2013年十大Web应用系统安全威胁之首.SQL注入攻击检测及如何提高Web代码对SQL注入攻击的防御能力是目前常见的研究问题之一,结合词法分析及PHP语言特性,提出基于规则及特征匹配的漏洞检测架构,实现了PHP源代码的静态检测算法.测试结果表明该算法效果较好,具有较低的误报率,能够在词法分析阶段进行一定的别名分析及污染分析,从而在程序实现初期提高代码的安全性;同时漏洞检测框架可以进行拓展,实现对其他"taint-style"类型的漏洞检测.
The concept of “SQL injection” has been proposed for more than 10 years,however,SQL injection attack was still rated the number one attack on the Open Web Application Security Project (OWASP) in 2013. With the rapid development of dynamic Web applications, PHP becomes popular because it’s fast,reliable and can be combined with many different types of RDBMS,and it’s also a cheap option for developing and hosting applications on the Web. PHP is a powerful language which can access files,execute commands and open network connections on the server. However, these properties also make anything is run on a Web server insecure by default. As there are several ways of utilizing PHP,there are many configuration options controlling its behavior. A large selection of options guarantees that PHP can be utilized to a lot of purposes. With proper runtime configuration options and coding practices, PHP can provide exactly the combination of freedom and security. This paper considers the security risks related to PHP programming language, and describes different situations which will lead to website vulnerabilities. It also proposes a static lexical analysis framework for detecting SQL injections based on the matching rules, and implements the PHP sourcecode SQL injection attack detection algorithm. The experiments demonstrate that the algorithm is effective,and it can also be extended to detect other “taint-style” Web vulnerabilities.
出处
《信息安全研究》
2015年第2期140-148,共9页
Journal of Information Security Research
基金
广东省自然科学基金项目(S2013010013728)
澳门科技发展基金项目(097/2013/A3)
关键词
SQL注入
词法分析
静态分析
污染分析
规则匹配
SQL injection
lexical analysis
static analysis
taint analysis
matching rules
