测试SQL注入的工具:通过精度选择还是向量覆盖率选择?
为了回答这个问题,我们使用了sectoolmarket.com网站提供的标准测试结果,我们先假设候选的扫描程序的测试精度和向量覆盖率有相同的重要
性。我们将GET。POST,HTTP Cookie和HTTP
Headers作为应该被支持的输入向量。当所有的参数都被支持时,这个扫描器的覆盖范围的比率为100%(4/4)。
我们建议使用下面的算术方程式,也就是说对于漏洞扫描器的得分求一个平均值。
然后从得到的检测准确率的百分比中,我们列出前14名的扫描器:
| Rank | Vulnerability Scanner | Vendor | Detection Rate | Input Vector Coverage | Average Score |
| 1 | Arachni | Tasos Laskos | 100.00% | 100% | 100.00% |
| 2 | Sqlmap | sqlmap developers | 97.06% | 100% | 98,53% |
| 3 | IBM AppScan | IBM Security Sys Division | 93.38% | 100% | 96,69% |
| 4 | Acunetix WVS | Acunetix | 89.71% | 100% | 94,85% |
| 5 | NTOSpider | NT OBJECTives | 85.29% | 100% | 92,64% |
| 6 | Nessus | Tenable Network Security | 82.35% | 100% | 91,17% |
| 7 | WebInspect | HP Apps Security Center | 75.74% | 100% | 87,87% |
| 8 | Burp Suite Pro | PortSwigger | 72.06% | 100% | 86,03% |
| 9 | Cenzic Pro | Cenzic | 63.24% | 100% | 81,62% |
| 10 | SkipFish | Michal Zalewski – Google | 50.74% | 100% | 75,37% |
| 11 | Wapiti | OWASP | 100.00% | 50% | 75.00% |
| 12 | Netsparker | Mavituna Security | 98.00% | 50% | 74.00% |
| 13 | Paros Pro | MileSCAN Technologies | 93.38% | 50% | 71,69% |
| 14 | ZAP | OWASP | 77,21% | 50% | 63,60% |
我们可以通过对扫描器的扫描漏洞的精度和向量覆盖率取到的平均值,做出下面一个图表。
下表来源:https://msdn.microsoft.com/en-us/library/ms161953%28SQL.105%29.aspx
When you can, reject input that contains the following characters.
|
Input character |
Meaning in Transact-SQL |
|---|---|
|
; |
Query delimiter. |
|
' |
Character data string delimiter. |
|
-- |
Comment delimiter. |
|
/* ... */ |
Comment delimiters. Text between /* and */ is not evaluated by the server. |
|
xp_ |
Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell. |