SQL injection vulnerability detection based on taint analysis
SQL injection vulnerabilities pose huge potential risks to the database systems of Web programs, and the loss can be immeasurable once such a vulnerability is exploited. Therefore, a detection approach for SQL injection vulnerabilities based on taint analysis is proposed. The approach takes three-address code as the intermediate representation and, according to the characteristics of SQL injection vulnerabilities, designs the taint data-flow values and taint propagation rules for a forward analysis; the data-flow algorithm is then run iteratively on the control flow graph of the program. A security check is performed simultaneously during the calculation, so as to obtain all sink points that contain tainted data. Finally, the locations of SQL injection vulnerabilities are reported by traversing the sink point set, and the effectiveness of the approach is verified by comparative experiments.
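
A small sketch of the kind of forward taint analysis the abstract outlines, added here as an illustration and not the authors' implementation: three-address instructions on a control flow graph, a worklist iteration to a fixed point, and the sink check done during the transfer step. The source, sanitizer and sink names, the instruction tuples, the sample program, the sanitizer rule and the use of set union as the join are all assumptions made for this example.

```python
from collections import deque

# Assumed names for taint sources, sanitizers and SQL sinks.
SOURCES, SANITIZERS, SINKS = {"read_param"}, {"escape"}, {"exec_sql"}

# Constructed three-address program. Each instruction is (dst, op, args);
# each block maps to (instructions, successor blocks).
CFG = {
    "B0": ([("x", "const", []), ("y", "read_param", [])], ["B1"]),
    "B1": ([("q", "concat", ["x"]), (None, "exec_sql", ["q"])], ["B2", "B3"]),
    "B2": ([("x", "copy", ["y"])], ["B1"]),            # back edge to B1
    "B3": ([("s", "escape", ["y"]), ("q2", "concat", ["s"]),
            (None, "exec_sql", ["q2"])], []),
}

def transfer(block, tainted, findings):
    """Apply the propagation rules to one block, checking sinks on the way."""
    tainted = set(tainted)
    for idx, (dst, op, args) in enumerate(CFG[block][0]):
        dirty = any(a in tainted for a in args)
        if op in SINKS and dirty:
            findings.add((block, idx))      # security check during the analysis
        if dst is None:
            continue
        if op in SOURCES or (dirty and op not in SANITIZERS):
            tainted.add(dst)
        else:
            tainted.discard(dst)            # dst overwritten with clean data
    return tainted

def analyze(entry="B0"):
    """Forward worklist iteration to a fixed point; the join is set union."""
    taint_in = {b: set() for b in CFG}
    findings, visited, work = set(), {entry}, deque([entry])
    while work:
        block = work.popleft()
        out = transfer(block, taint_in[block], findings)
        for succ in CFG[block][1]:
            if succ not in visited or not out <= taint_in[succ]:
                visited.add(succ)
                taint_in[succ] |= out
                work.append(succ)
    return sorted(findings), taint_in

if __name__ == "__main__":
    for block, idx in analyze()[0]:
        print(f"tainted data reaches SQL sink at {block}, instruction {idx}")
```

The sink in `B1` is clean on the first pass and is only reported after the back edge from `B2` carries the tainted `x` around the loop, which is why the analysis iterates instead of making a single pass.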