
Computer Engineering ›› 2012, Vol. 38 ›› Issue (18): 111-115. doi: 10.3969/j.issn.1000-3428.2012.18.030

• Security Technology •

SQL Injection Vulnerability Detection Based on Webpage DOM Tree Comparison

ZHANG Chen, WANG Yong-yi, WANG Xiong, SHI Fan

  1. (Department of Network Engineering, Electronic Engineering Institute, Hefei 230037, China)
  • Received: 2011-11-17 Revised: 2012-02-02 Online: 2012-09-20 Published: 2012-09-18
  • About the authors: ZHANG Chen (b. 1985), male, master's student, main research interest: network security; WANG Yong-yi, professor; WANG Xiong, master's student; SHI Fan, lecturer

Abstract: To address the low accuracy of traditional SQL injection vulnerability detection methods, this paper presents a detection method based on the results of comparing webpages' Document Object Model (DOM) trees. By simplifying the node-sequence-based webpage comparison algorithm, it reduces the number of node comparisons and speeds up detection. A corresponding SQL injection vulnerability detection prototype system is designed and implemented. Experimental results indicate that the system has high detection efficiency and accuracy.

Key words: Webpage comparison, SQL injection, injection vulnerability detection, Document Object Model (DOM) tree, fast DOM tree comparison
