TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications

Cited by: 0
Authors
Yang, Guan-Yan [1]
Wang, Farn [1]
Gu, You-Zong [1, 2]
Teng, Ya-Wen [1]
Yeh, Kuo-Hui [3, 4]
Ho, Ping-Hsueh [1]
Wen, Wei-Ling [1]
Affiliations
[1] Natl Taiwan Univ, Dept Elect Engn, Taipei 106319, Taiwan
[2] CyberLink Corp, New Taipei 231023, Taiwan
[3] Natl Yang Ming Chiao Tung Univ, Inst Artificial Intelligence Innovat, Hsinchu 300093, Taiwan
[4] Natl Dong Hwa Univ, Dept Informat Management, Hualien 974301, Taiwan
Source
APPLIED SCIENCES-BASEL | 2024 / Vol. 14 / Issue 18
Keywords
software testing; penetration testing; automatic testing; information security; SQL injection; testing priority
DOI
10.3390/app14188365
Chinese Library Classification number
O6 [Chemistry];
Discipline classification code
0703;
Abstract
The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the complexity and workload of software testing, necessitating advanced tools to support agile development cycles. This paper introduces a novel test prioritization method for SQL injection vulnerabilities to enhance testing efficiency. By leveraging previous test outcomes, our method adjusts defense strength vectors for subsequent tests, optimizing the testing workflow and tailoring defense mechanisms to specific software needs. This approach aims to improve the effectiveness and efficiency of vulnerability detection and mitigation through a flexible framework that incorporates dynamic adjustments and considers the temporal aspects of vulnerability exposure.
Pages: 21
Related papers
50 in total
  • [1] Detection and Prevention of SQL Injection Attacks on Web Applications
    Fouad, Yasser
    Elshazly, Khaled
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2013, 13 (08): : 1 - 7
  • [2] Detection of SQL Injection Vulnerability in Embedded SQL
    Jang, Young-Su
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2020, E103D (05): : 1173 - 1176
  • [3] SQL injection attack: Detection, prioritization & prevention
    Paul, Alan
    Sharma, Vishal
    Olukoya, Oluwafemi
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2024, 85
  • [4] An approach for SQL injection vulnerability detection
    Mei Junjin
    PROCEEDINGS OF THE 2009 SIXTH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY: NEW GENERATIONS, VOLS 1-3, 2009, : 1411 - 1414
  • [5] Test SQL Injection Vulnerabilities in Web Applications Based on Structure Matching
    Wu, Haiyan
    Gao, Guozhu
    Miao, Chunyu
    2011 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT), VOLS 1-4, 2012, : 935 - 938
  • [6] Encountering SQL Injection in Web Applications
    Padma, Joshi N.
    Raju, M. B.
    Ravishankar, N.
    Ravi, N. Ch
    PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON COMPUTING METHODOLOGIES AND COMMUNICATION (ICCMC 2018), 2018, : 257 - 261
  • [7] Detection of SQL Injection and XSS Attacks in Three Tier Web Applications
    Sonewar, Piyush A.
    Thosar, Sonali D.
    2016 INTERNATIONAL CONFERENCE ON COMPUTING COMMUNICATION CONTROL AND AUTOMATION (ICCUBEA), 2016,
  • [8] A Reusable SQL Injection Detection Method for Java Web Applications
    He, Chengwan
    He, Yue
    KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2020, 14 (06) : 2576 - 2590
  • [9] Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing
    Ilies, Benikhlef
    Wang Chenghong
    Sangirov, Gulomjon
    Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016), 2016, 67 : 546 - 551
  • [10] Prediction of SQL Injection Attacks in Web Applications
    Arumugam, Chamundeswari
    Dwarakanathan, Varsha Bhargavi
    Gnanamary, S.
    Neyveli, Vishalraj Natarajan
    Ramesh, Rohit Kanakuppaliyalil
    Kandhavel, Yeshwanthraa
    Balakrishnan, Sadhanandhan
    COMPUTATIONAL SCIENCE AND ITS APPLICATIONS, ICCSA 2019, PT IV, 2019, 11622 : 496 - 505