摘要
为提高网页结构化查询语言(Structured Query Language,SQL)注入漏洞检测精度和检测效率,引入网络爬出技术,开展对其检测方法的设计研究。引入了一种SQL注入漏洞扫描程序,可抓取网页,并计算页面相似度;检测时模拟SQL注入漏洞攻击,对网页SQL注入漏洞扩展过程建模;利用网络爬虫技术,检测SQL可注入点,并深度挖掘漏洞。通过对比实验证明,设计的检测方法正确检测数量较多,检测耗时较短,具备极高的应用价值。
In order to improve the detection accuracy and efficiency of Web Structured Query Language(SQL)injection vulnerability,the network crawling technology was introduced to carry out the design and research of its detection method.A SQL injection vulnerability scanner was introduced to crawl web pages and calculate page similarity.When detecting,the SQL injection vulnerability attack is simulated,and the expansion process of Web SQL injection vulnerability is modeled.The web crawler technology is used to detect SQL injection points and realize the depth mining of vulnerabilities.The comparative experiments show that the new detection method has more correct detection numbers and shorter detection time,and it has high application value.
作者
程亚维
王东霞
CHENG Yawei;WANG Dongxia(Jiyuan Vocational and Technical College,Jiyuan Henan 459000,China)
出处
《信息与电脑》
2023年第4期236-238,共3页
Information & Computer
关键词
网络爬虫技术
结构化查询语言(SQL)
漏洞检测
注入漏洞
页面相似度
Web crawler technology
Structured Query Language(SQL)
vulnerability detection
injection vulnerability
page similarity
