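1. School of Computer Science and Engineering, Changshu Institute of Technology, Changshu, Jiangsu 215500
2. School of Computer Science and Technology, Soochow University, Suzhou, Jiangsu 215006
3. Zhongke Menglan Electronic Technology Co., Ltd., Changshu, Jiangsu 215500
4. Public Information Network Security Supervision Detachment, Quanzhou Municipal Public Security Bureau, Quanzhou, Fujian 362000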
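LE De-guang (1975-), male, born in Sanming, Fujian, Ph.D., associate professor at Changshu Institute of Technology. His main research interests include information security and next-generation Internet technology.
GONG Sheng-rong (1966-), male, born in Tianmen, Hubei, Ph.D., professor and doctoral supervisor at Changshu Institute of Technology. His main research interests include image processing and information security.
WU Shao-gang (1973-), male, born in Susong, Anhui, Ph.D., researcher at Zhongke Menglan Electronic Technology Co., Ltd. His main research interests include computer system architecture and parallel and distributed computing.
XU Feng (1981-), male, born in Changshu, Jiangsu, senior engineer at Zhongke Menglan Electronic Technology Co., Ltd. His main research interests are computer architecture and independent (self-controlled) security.
LIU Wen-sheng (1969-), male, born in Quanzhou, Fujian, senior engineer at the Quanzhou Municipal Public Security Bureau. His main research interest is network security.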
Online publication date: 2017-10
Print publication date: 2017-10-25
De-guang LE, Sheng-rong GONG, Shao-gang WU, et al. Penetration test method using blind SQL injection based on second-order fragment and reassembly[J]. Journal on Communications, 2017, 38(Z1): 73-82. DOI: 10.11959/j.issn.1000-436x.2017238.
How to get rid of the blindness of current SQL injection penetration testing, produce optimized SQL injection attack patterns, enhance the effectiveness of the attack generation phase, and improve the accuracy of SQL injection vulnerability detection using penetration testing is a big challenge. To resolve these problems, a new penetration test method using blind SQL injection based on second-order fragment and reassembly is proposed. In this method, an SQL injection attack model is built first, and the model then drives the generation of multiform and multi-type attack patterns for SQL injection penetration testing, which reduces the blindness of SQL injection penetration testing and improves the accuracy of SQL injection vulnerability detection. SQL injection vulnerability detection experiments were conducted on actual Web applications using the proposed method and compared with current methods. The analysis of the test results not only verifies the effectiveness of the proposed method, but also shows that it improves the accuracy of SQL injection vulnerability detection by reducing false negatives in a defensive environment.