| Web应用程序中SQL注入攻防策略的研究 |
| |
| 引用本文: | 王希忠,黄俊强,周长利,方舟. Web应用程序中SQL注入攻防策略的研究[J]. 信息安全与技术, 2011, 0(9): 56-61,64 |
| |
| 作者姓名: | 王希忠 黄俊强 周长利 方舟 |
| |
| 作者单位: | [1]黑龙江省电子信息产品监督检验院,黑龙江哈尔滨150090 [2]哈尔滨工程大学计算机科学与技术学院,黑龙江哈尔滨150001 |
| |
| 基金项目: | 国家自然科学基金可信软件重大研究计划(90718003);国家自然科学基金(61073042); 北京邮电大学网络与交换技术国家重点实验室开放课题(SKLNST-2009-1-10) |
| |
| 摘 要: | 当前全球进入网络信息一体化时代,网络信息安全问题应运而生。从列举日趋高发的SQL注入攻击事件入手,阐述了SQL注入攻击概念、特点,然后通过一个实例讲解了攻击的一般过程,最后按照从程序开发到应用这个顺序,提出了We b应用程序防御SQL注入攻击的全过程安全策略。
|
| 关 键 词: | Web应用程序 SQL注入攻击 防范策略 信息安全 |
The Attack and Defense Strategy of SQL Injection in Web Applications |
| |
| Wang Xi-zhong Huang Jun-qiang Zhou Chang-li Fang Zhou. The Attack and Defense Strategy of SQL Injection in Web Applications[J]. Information Security and Technology, 2011, 0(9): 56-61,64 |
| |
| Authors: | Wang Xi-zhong Huang Jun-qiang Zhou Chang-li Fang Zhou |
| |
| Affiliation: | Wang Xi-zhong Huang Jun-qiang Zhou Chang-li Fang Zhou(1.HLJ Province Electronic & Information Products Supervision Inspection Institute Harbin 150090;2.College of Computer Science and Technology of Harbin Engineering University Harbin 150001) |
| |
| Abstract: | Currently the world gets into the information era,the network information security problems arise at the historic moment.This paper began with the worsening instances of SQL injection attack,we explained the principle and characteristics of SQL injection,then expounded the process of attack through an example.Finally,a defensive method for SQL injection called whole process security policy had been proposed for web sites |
| |
| Keywords: | web applications SQL injection defense strategy information security |
| 本文献已被 CNKI 维普 等数据库收录! |
