With the rapid development of computer network technology, the human is more and more reliance on the ubiquitous network, and a series of network security problem that make people pay more attention on it. At present, the SQL injection attack has become one of the primary means of hacking by hackers. This paper introduces the principle of SQL injection, depth study on the cause of SQL injection and actual combat encounter common SQL injection attack, proposed a new SQL injection detection techniques and tools to achieve in practice on the basis of actual penetration testing, and provides strong technical support for future testing SQL injection attacks or provides powerful guarantee for the information system in the SQL injection defense.%随着计算机网络技术的飞速发展,人们对无处不在的网络依赖程度越来越高,随之而来的一系列网络安全问题也越来越受到人们的重视.目前,SQL注入攻击已成为了黑客攻击的主要手段之一.文章介绍了SQL注入原理,对产生SQL注入原因以及实战中遇到的常见SQL注入攻击方式进行了深入研究,并在实际渗透测试的实践基础上提出一种新的SQL注入检测技术及工具实现,为日后测试SQL注入攻击提供有力的技术支持,为信息系统在SQL注入防御方面提供有力保障.
展开▼
