Abstract
An automatic detection tool for SQL injection vulnerability based on web crawler is designed and implemented. By studying the characteristics of various web application vulnerabilities, the causes and detection methods of SQL injection vulnerabilities are analyzed in detail. In addition, functions such as URL (Uniform Resource Locator) optimization and similarity determination are added to each module’s characteristics, so that the vulnerabilities can be scanned more accurately and quickly. The tool can automatically explore the target based on web crawler framework. After testing, it is proved that the scanning tool can effectively detect potential SQL injection security vulnerabilities in a website.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Anley, C.: Advanced SQL injection in SQL server applications. An Ngs software Insight Security Research Publication (2002)
Zhou, L.Z., Lin, L.: Survey on the research of focused crawling technique. Comput. Appl. 09, 1965–1969 (2005)
Jun, M.: Research on application of Information collection engine based on regular expression technology. University of Electronic Science and Technology of China (2006)
Pan, H., Hai-hong, E., Song, M.: The bloom filter applies in data deduplication. Software 36(12), 166–170 (2015)
Huang, E.B.: A method for URL duplicate removal based on bloom Filter. Mod. Comput. 14, 7–10 (2013)
Gol, D., Shah, N.: Detection of web application vulnerability based on RUP model. In: Recent Advances in Electronics & Computer Engineering, pp. 96–100. IEEE (2016)
Yan, L., Ding, B., Yao, Z., et al.: Design and optimisation of md5 duplicate elimination tree-based network crawler. Comput. Appl. Softw. 2, 325–329 (2015)
Mcwhirter, P.R., Kifayat, K., Shi, Q., et al.: SQL Injection Attack classification through the feature extraction of SQL query strings using a Gap-Weighted String Subsequence Kernel. J. Inf. Secur. Appl. 40, 199–216 (2018)
Qiuhong, P., Zhanqi, C., Linzhang, W.: Static detection approach for SQL injection vulnerability in android applications. J. Front. Comput. Sci. Technol. (2018)
Acknowledgment
This work is supported by Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (Nos. 14103,15208) Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems (No. YD16303), Guangxi Key Lab of Trusted Software(No. kx201320), Guangxi Colleges and Universities Key Laboratory of Intelligent Processing of Computer Images and Graphics (No. GIIP201509).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Lei, X., Qu, J., Yao, G., Chen, J., Shen, X. (2020). Design and Implementation of an Automatic Scanning Tool of SQL Injection Vulnerability Based on Web Crawler. In: Yang, CN., Peng, SL., Jain, L. (eds) Security with Intelligent Computing and Big-data Services. SICBS 2018. Advances in Intelligent Systems and Computing, vol 895. Springer, Cham. https://doi.org/10.1007/978-3-030-16946-6_38
Download citation
DOI: https://doi.org/10.1007/978-3-030-16946-6_38
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16945-9
Online ISBN: 978-3-030-16946-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)