As the web applications playing an increasingly important role in people’s daily life, web security is attaching more and more public attention. SQL injection is the most common type of web vulnerability in recent years, for an attacker can obtain user privacy information, or control the server by the SQL injection. The most timeless and effective method to detect SQL injection vulnerabilities is penetration testing. This paper focuses on how to generate the penetration testing use cases. First, we studied the law of SQL injection attacks according to the different outflow channels of data in the SQL injection, and then we establish the model of the SQL injection. On this basis, we proposed the model of SQL injection to guide the generation of the use cases in penetration testing. The results show that the SQL injection use cases that generated by our model are more systematically.