sql injection scans

测试SQL注入的工具:通过精度选择还是向量覆盖率选择?

为了回答这个问题,我们使用了sectoolmarket.com网站提供的标准测试结果,我们先假设候选的扫描程序的测试精度和向量覆盖率有相同的重要
性。我们将GET。POST,HTTP Cookie和HTTP
Headers作为应该被支持的输入向量。当所有的参数都被支持时,这个扫描器的覆盖范围的比率为100%(4/4)。

我们建议使用下面的算术方程式,也就是说对于漏洞扫描器的得分求一个平均值。

然后从得到的检测准确率的百分比中,我们列出前14名的扫描器:

Rank Vulnerability Scanner Vendor Detection Rate Input Vector Coverage Average Score
1 Arachni Tasos Laskos 100.00% 100% 100.00%
2 Sqlmap sqlmap developers 97.06% 100% 98,53%
3 IBM AppScan IBM Security Sys Division 93.38% 100% 96,69%
4 Acunetix WVS Acunetix 89.71% 100% 94,85%
5 NTOSpider NT OBJECTives 85.29% 100% 92,64%
6 Nessus Tenable Network Security 82.35% 100% 91,17%
7 WebInspect HP Apps Security Center 75.74% 100% 87,87%
8 Burp Suite Pro PortSwigger 72.06% 100% 86,03%
9 Cenzic Pro Cenzic 63.24% 100% 81,62%
10 SkipFish Michal Zalewski – Google 50.74% 100% 75,37%
11 Wapiti OWASP 100.00% 50% 75.00%
12 Netsparker Mavituna Security 98.00% 50% 74.00%
13 Paros Pro MileSCAN Technologies 93.38% 50% 71,69%
14 ZAP OWASP 77,21% 50% 63,60%

我们可以通过对扫描器的扫描漏洞的精度和向量覆盖率取到的平均值,做出下面一个图表。

点击查看原图

下表来源:https://msdn.microsoft.com/en-us/library/ms161953%28SQL.105%29.aspx

When you can, reject input that contains the following characters.

Input character

Meaning in Transact-SQL

;

Query delimiter.

'

Character data string delimiter.

--

Comment delimiter.

/* ... */

Comment delimiters. Text between /* and */ is not evaluated by the server.

xp_

Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.

此条目发表在article分类目录。将固定链接加入收藏夹。