
Computer Engineering ›› 2010, Vol. 36 ›› Issue (10): 173-175. doi: 10.3969/j.issn.1000-3428.2010.10.059

• Security Technology •

Test Method on Code Injection Vulnerabilities of Web Application

ZHU Hui, SHEN Ming-xing, LI Shan-ping   

  1. (College of Computer Science and Technology, Zhejiang University, Hangzhou 310027)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-05-20 Published:2010-05-20


Abstract: This paper studies code injection vulnerabilities in Web applications. It summarizes and analyzes their features, revises and extends the definition of this class of vulnerability, and reduces the causes of the vulnerabilities to two kinds of coding errors. On that basis it presents a new test method built around testing for these two kinds of coding errors. Experimental results show that the method can effectively test for all code injection vulnerabilities in Web applications with less test workload.

Key words: Web application, code injection, vulnerability test

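Abstract (from the Chinese text): This paper studies code injection vulnerabilities in Web applications, summarizes and analyzes the characteristics of this class of vulnerability, revises and extends its definition, and attributes the causes of the vulnerabilities to 2 kinds of coding errors. It proposes a test method that finds code injection vulnerabilities in Web applications by identifying these 2 kinds of coding errors. Experimental results show that the method reduces test workload and can comprehensively and effectively test for code injection vulnerabilities and potential risk points in Web applications.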

