Journal of Frontiers of Computer Science and Technology ›› 2011, Vol. 5 ›› Issue (5): 474-480.

• Academic Research •

Research on SQL Injection Vulnerability Multi-level Detection Method

LIAN Kunmei, XU Jing, TIAN Wei, ZHANG Ying

  1. College of Information Technical Science, Nankai University, Tianjin 300071, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2011-05-01 Published: 2011-05-01

Abstract: Based on an in-depth analysis of the characteristics and methods of SQL (structured query language) injection attacks and of the defense mechanisms related to SQL injection vulnerabilities, this paper grades SQL injection vulnerabilities according to their degree of defense. The vulnerability grading serves as the basis for the equivalence partitioning of SQL injection fuzz test cases. After an optimized selection of SQL injection parameters, the method actively and effectively detects SQL injection vulnerabilities in the target Web system by imitating hacker attacks, which makes the detection more targeted. The equivalence partitioning of SQL injection parameters ensures the completeness and non-redundancy of the fuzz testing process.

Key words: vulnerability detection, structured query language (SQL), SQL injection, grading, fuzz testing, equivalence partitioning