Injection Point Extraction Approach in SQL Injection Vulnerability under Web2.0 Environment

To solve the SQL injection vulnerability detection in website under Web2.0 environment,proposed an injection point extraction approach.According to the characteristics of Web2.0 websites,by analyzing HTML markup,parsing and executing web client script,this approach got comprehensive data entry points of the website.Depending on the type of data entry points and arguments,built test case and established the rule to determine injection points,thereby enhancing the SQL injection vulnerability detection.Experimental results showed that,after adding script analysis and data entry point extraction,the approach of SQL injection vulnerability detection under Web2.0 environment increased test coverage and reduced the rate of missing.This approach that used to detect SQL injection vulnerability in website which used traditional and Web2.0 technologies,had some applicability,could gain a more comprehensive test results.