首页 | 本学科首页   官方微博 | 高级检索  
     

SQL注入攻击与防范实验的设计与实现
引用本文:王德高,徐王楚,王立明,刘向东. SQL注入攻击与防范实验的设计与实现[J]. 大连民族学院学报, 2020, 21(5): 441-444
作者姓名:王德高  徐王楚  王立明  刘向东
作者单位:大连民族大学 计算机科学与工程学院,辽宁 大连 116650
基金项目:辽宁省本科教育教学改革项目(2015-667);辽宁省应用型转型发展试点专业建设项目(2016-70);大连民族大学教育教学改革项目(ZB201902,ZD201910)
摘    要:介绍了SQL注入的原理、攻击和防范技术,并通过设计具体实验方案演示了SQL注入攻击与防范的全过程及细节。通过搭建存在SQL注入漏洞的Web网站并对其进行SQL注入攻击,观察被攻击的效果,进行漏洞修复。对漏洞修复后的系统进行攻击,并对比修复漏洞前后的现象,以此得出SQL注入漏洞的原理、产生原因、对应攻击原理及如何防范漏洞,加深对SQL注入的理解。

关 键 词:SQL注入  Web攻击  漏洞修复  网络安全  

Design and Implementation of Experiments for SQL Inject Attack and Prevention
WANG De-gao,XU Wang-chu,WANG Li-ming,LIU Xiang-dong. Design and Implementation of Experiments for SQL Inject Attack and Prevention[J]. Journal of Dalian Nationalities University, 2020, 21(5): 441-444
Authors:WANG De-gao  XU Wang-chu  WANG Li-ming  LIU Xiang-dong
Affiliation:School of Computer Science and Engineering, Dalian Minzu University, Dalian Liaoning 116650, China
Abstract:This paper introduces the principle, attack and prevention technology of SQL injection, and demonstrates the whole process and details of SQL injection attack and prevention by designing a concrete experimental scheme. By building a web site with SQL injection vulnerabilities and using SQL injection attacks, we observe the effects of the attack, and then repair the vulnerabilities. The system after bug fixes is also attacked, and is compared with the phenomena before the repair of the loophole. This shows the principles and causes of SQL injection vulnerabilities, the principles of corresponding attacks and how to prevent loopholes, so as to enhance the understanding of SQL injection.
Keywords:SQL inject  Web attack  bug fixes  network security  
点击此处可从《大连民族学院学报》浏览原始摘要信息
点击此处可从《大连民族学院学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号