Abstract: On the basis of an in-depth analysis of characteristics of SQL (structured query language) injection attacks and defense mechanisms related to SQL injection vulnerability, this paper grades the SQL injection vulner¬ability according to the level of defense degree, and takes the vulnerability grading as the basis for the equivalence par-titioning of SQL injection fuzz testing case. After the optimized choice of SQL injection parameters, it detects the SQL injection vulnerabilities of target Web system initiatively and effectively by imitating hacker attacks, which makes the detection more target-oriented. The equivalence partition of SQL injection parameters ensures the com-pleteness and no redundancy of fuzz testing.

Key words: vulnerability detection, structured query language (SQL), SQL injection, grading, fuzz testing, equivalence partitioning

摘要： 在深入分析SQL(structured query language)注入攻击特点、攻击方式及SQL注入漏洞相关防御机制的基础上, 依据防御度的高低对SQL注入漏洞进行分级。将漏洞分级作为SQL注入模糊测试用例等价类划分的依据, 对SQL注入参数进行优化选择后, 模拟黑客攻击的方式主动地、有针对性地进行检测。SQL注入参数的等价类划分保证了模糊测试过程的完备性和无冗余性。

关键词: 漏洞检测, 结构化查询语言(SQL), SQL注入, 分级, 模糊测试, 等价类划分