Design and Implementation of an Automatic Scanning Tool of SQL Injection Vulnerability Based on Web Crawler
An automatic detection tool for SQL injection vulnerability based on web crawler is designed and implemented. By studying the characteristics of various web application vulnerabilities, the causes and detection methods of SQL injection vulnerabilities are analyzed in detail. In addition, functions such as URL (Uniform Resource Locator) optimization and similarity determination are added to each module’s characteristics, so that the vulnerabilities can be scanned more accurately and quickly. The tool can automatically explore the target based on web crawler framework. After testing, it is proved that the scanning tool can effectively detect potential SQL injection security vulnerabilities in a website.
KeywordsWeb crawler SQL injection Automatic scanning
This work is supported by Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (Nos. 14103,15208) Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (No. YD16303), Guangxi Key Lab of Trusted Software(No. kx201320), Guangxi Colleges and Universities Key Laboratory of Intelligent Processing of Computer Images and Graphics (No. GIIP201509).
- 1.Anley, C.: Advanced SQL injection in SQL server applications. An Ngs software Insight Security Research Publication (2002)Google Scholar
- 2.Zhou, L.Z., Lin, L.: Survey on the research of focused crawling technique. Comput. Appl. 09, 1965–1969 (2005)Google Scholar
- 3.Jun, M.: Research on application of Information collection engine based on regular expression technology. University of Electronic Science and Technology of China (2006)Google Scholar
- 4.Pan, H., Hai-hong, E., Song, M.: The bloom filter applies in data deduplication. Software 36(12), 166–170 (2015)Google Scholar
- 5.Huang, E.B.: A method for URL duplicate removal based on bloom Filter. Mod. Comput. 14, 7–10 (2013)Google Scholar
- 6.Gol, D., Shah, N.: Detection of web application vulnerability based on RUP model. In: Recent Advances in Electronics & Computer Engineering, pp. 96–100. IEEE (2016)Google Scholar
- 7.Yan, L., Ding, B., Yao, Z., et al.: Design and optimisation of md5 duplicate elimination tree-based network crawler. Comput. Appl. Softw. 2, 325–329 (2015)Google Scholar
- 8.Mcwhirter, P.R., Kifayat, K., Shi, Q., et al.: SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel. J. Inf. Secur. Appl. 40, 199–216 (2018)Google Scholar
- 9.Qiuhong, P., Zhanqi, C., Linzhang, W.: Static detection approach for SQL injection vulnerability in android applications. J. Front. Comput. Sci. Technol. (2018)Google Scholar