Advertisement

Design and Implementation of an Automatic Scanning Tool of SQL Injection Vulnerability Based on Web Crawler

  • Xiaochun LeiEmail author
  • Jiashi Qu
  • Gang Yao
  • Junyan Chen
  • Xin Shen
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 895)

Abstract

An automatic detection tool for SQL injection vulnerability based on web crawler is designed and implemented. By studying the characteristics of various web application vulnerabilities, the causes and detection methods of SQL injection vulnerabilities are analyzed in detail. In addition, functions such as URL (Uniform Resource Locator) optimization and similarity determination are added to each module’s characteristics, so that the vulnerabilities can be scanned more accurately and quickly. The tool can automatically explore the target based on web crawler framework. After testing, it is proved that the scanning tool can effectively detect potential SQL injection security vulnerabilities in a website.

Keywords

Web crawler SQL injection Automatic scanning 

Notes

Acknowledgment

This work is supported by Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (Nos. 14103,15208) Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (No. YD16303), Guangxi Key Lab of Trusted Software(No. kx201320), Guangxi Colleges and Universities Key Laboratory of Intelligent Processing of Computer Images and Graphics (No. GIIP201509).

References

  1. 1.
    Anley, C.: Advanced SQL injection in SQL server applications. An Ngs software Insight Security Research Publication (2002)Google Scholar
  2. 2.
    Zhou, L.Z., Lin, L.: Survey on the research of focused crawling technique. Comput. Appl. 09, 1965–1969 (2005)Google Scholar
  3. 3.
    Jun, M.: Research on application of Information collection engine based on regular expression technology. University of Electronic Science and Technology of China (2006)Google Scholar
  4. 4.
    Pan, H., Hai-hong, E., Song, M.: The bloom filter applies in data deduplication. Software 36(12), 166–170 (2015)Google Scholar
  5. 5.
    Huang, E.B.: A method for URL duplicate removal based on bloom Filter. Mod. Comput. 14, 7–10 (2013)Google Scholar
  6. 6.
    Gol, D., Shah, N.: Detection of web application vulnerability based on RUP model. In: Recent Advances in Electronics & Computer Engineering, pp. 96–100. IEEE (2016)Google Scholar
  7. 7.
    Yan, L., Ding, B., Yao, Z., et al.: Design and optimisation of md5 duplicate elimination tree-based network crawler. Comput. Appl. Softw. 2, 325–329 (2015)Google Scholar
  8. 8.
    Mcwhirter, P.R., Kifayat, K., Shi, Q., et al.: SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel. J. Inf. Secur. Appl. 40, 199–216 (2018)Google Scholar
  9. 9.
    Qiuhong, P., Zhanqi, C., Linzhang, W.: Static detection approach for SQL injection vulnerability in android applications. J. Front. Comput. Sci. Technol. (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Xiaochun Lei
    • 1
    Email author
  • Jiashi Qu
    • 2
  • Gang Yao
    • 3
  • Junyan Chen
    • 4
  • Xin Shen
    • 5
  1. 1.School of Computer Science and Information SecurityGuilin University of Electronic TechnologyGuilin GuangxiChina
  2. 2.Guangxi Cooperative Innovation Center of Cloud Computing and Big DataGuilin University of Electronic TechnologyGuilin GuangxiChina
  3. 3.Guangxi Colleges and Universities Key Laboratory of Cloud Computing and Complex SystemsGuilin University of Electronic TechnologyGuilin GuangxiChina
  4. 4.Guangxi Colleges and Universities Key Laboratory of Intelligent Processing of Computer Images and GraphicsGuilin University of Electronic TechnologyGuilin GuangxiChina
  5. 5.Guangxi Key Lab of Trusted SoftwareGuilin University of Electronic TechnologyGuilin GuangxiChina

Personalised recommendations