| SQL注入攻击与防范实验的设计与实现 |
| |
| 引用本文: | 王德高,徐王楚,王立明,刘向东.SQL注入攻击与防范实验的设计与实现[J].大连民族学院学报,2020,21(5):441-444. |
| |
| 作者姓名: | 王德高 徐王楚 王立明 刘向东 |
| |
| 作者单位: | 大连民族大学 计算机科学与工程学院,辽宁 大连 116650 |
| |
| 基金项目: | 辽宁省本科教育教学改革项目(2015-667);辽宁省应用型转型发展试点专业建设项目(2016-70);大连民族大学教育教学改革项目(ZB201902,ZD201910) |
| |
| 摘 要: | 介绍了SQL注入的原理、攻击和防范技术,并通过设计具体实验方案演示了SQL注入攻击与防范的全过程及细节。通过搭建存在SQL注入漏洞的Web网站并对其进行SQL注入攻击,观察被攻击的效果,进行漏洞修复。对漏洞修复后的系统进行攻击,并对比修复漏洞前后的现象,以此得出SQL注入漏洞的原理、产生原因、对应攻击原理及如何防范漏洞,加深对SQL注入的理解。
|
| 关 键 词: | SQL注入 Web攻击 漏洞修复 网络安全 |
Design and Implementation of Experiments for SQL Inject Attack and Prevention |
| |
| WANG De-gao,XU Wang-chu,WANG Li-ming,LIU Xiang-dong.Design and Implementation of Experiments for SQL Inject Attack and Prevention[J].Journal of Dalian Nationalities University,2020,21(5):441-444. |
| |
| Authors: | WANG De-gao XU Wang-chu WANG Li-ming LIU Xiang-dong |
| |
| Institution: | School of Computer Science and Engineering, Dalian Minzu University, Dalian Liaoning 116650, China |
| |
| Abstract: | This paper introduces the principle, attack and prevention technology of SQL injection, and demonstrates the whole process and details of SQL injection attack and prevention by designing a concrete experimental scheme. By building a web site with SQL injection vulnerabilities and using SQL injection attacks, we observe the effects of the attack, and then repair the vulnerabilities. The system after bug fixes is also attacked, and is compared with the phenomena before the repair of the loophole. This shows the principles and causes of SQL injection vulnerabilities, the principles of corresponding attacks and how to prevent loopholes, so as to enhance the understanding of SQL injection. |
| |
| Keywords: | SQL inject Web attack bug fixes network security |
|
| 点击此处可从《大连民族学院学报》浏览原始摘要信息 |
| 点击此处可从《大连民族学院学报》下载免费的PDF全文 |
|
