A Java Source-code SQL Injection Attack Detection Algorithm Based on Static Analysis

This paper researches the method of SQL injection attack detection and the principle of static analysis scanning, and presents a Java source-code SQL injection attack detection algorithm. The detection algorithm includes these steps: lexical analysis of source code, parsing of source code, constructing abstract syntax tree of source code, defining rules, abstract syntax tree traversal, tracking problems, detecting possible paths of SQL injection attack etc. Test results show the proposed detection algorithm in this paper performs perfectly and has higher recognition rate. Keywordsstatic analysis; SQL injection attack; abstract syntax tree.