SQL (Structured Query Language) injection type vulnerability detection method and system oriented to Java Web application
Format: | Patent |
---|---|
Language: | chi ; eng |
Summary: | The invention discloses an SQL (Structured Query Language) injection vulnerability detection method and system for Java Web applications, and relates to the field of computer network security. The method uses an expert knowledge base to apply taint marking to Source points and Sink points, and prunes and optimizes the function call graph by program slicing. This widens the range of Java Web SQL injection vulnerability types that can be detected while also improving the efficiency of static analysis based on the code property graph, so that the method adapts to the current trend in Java Web SQL injection vulnerabilities and improves the efficiency of detecting them. The security and reliability of current Java Web application systems can thereby be improved. |