TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications

Cited by: 0
Authors
Yang, Guan-Yan [1]
Wang, Farn [1]
Gu, You-Zong [1, 2]
Teng, Ya-Wen [1]
Yeh, Kuo-Hui [3, 4]
Ho, Ping-Hsueh [1]
Wen, Wei-Ling [1]
Affiliations
[1] Natl Taiwan Univ, Dept Elect Engn, Taipei 106319, Taiwan
[2] CyberLink Corp, New Taipei 231023, Taiwan
[3] Natl Yang Ming Chiao Tung Univ, Inst Artificial Intelligence Innovat, Hsinchu 300093, Taiwan
[4] Natl Dong Hwa Univ, Dept Informat Management, Hualien 974301, Taiwan
Source
APPLIED SCIENCES-BASEL | 2024 / Vol. 14 / Issue 18
Keywords
software testing; penetration testing; automatic testing; information security; SQL injection; testing priority;
DOI
10.3390/app14188365
Chinese Library Classification number
O6 [Chemistry];
Discipline classification code
0703 ;
Abstract
The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the complexity and workload of software testing, necessitating advanced tools to support agile development cycles. This paper introduces a novel test prioritization method for SQL injection vulnerabilities to enhance testing efficiency. By leveraging previous test outcomes, our method adjusts defense strength vectors for subsequent tests, optimizing the testing workflow and tailoring defense mechanisms to specific software needs. This approach aims to improve the effectiveness and efficiency of vulnerability detection and mitigation through a flexible framework that incorporates dynamic adjustments and considers the temporal aspects of vulnerability exposure.
Pages: 21
Related papers
50 in total
  • [41] Semi-Automated Verification of Defense against SQL Injection in Web Applications
    Liu, Kaiping
    Tan, Hee Beng Kuan
    Shar, Lwin Khin
    2012 19TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC), VOL 1, 2012, : 91 - 96
  • [42] A Rejection-Based Approach for Detecting SQL Injection Vulnerabilities in Web Applications
    Saoudi, Lalia
    Adi, Kamel
    Boudraa, Younes
    FOUNDATIONS AND PRACTICE OF SECURITY, FPS 2019, 2020, 12056 : 379 - 386
  • [43] Fault-based testing for discovering SQL injection vulnerabilities in web applications
    Alsmadi I.
    AlEroud A.
    Saifan A.A.
    International Journal of Information and Computer Security, 2021, 16 (1-2): : 51 - 62
  • [44] SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks
    Ali, Abdul Bashah Mat
    Shakhatreh, Ala' Yaseen Ibrahim
    Abdullah, Mohd Syazwan
    Alostad, Jasem
    WORLD CONFERENCE ON INFORMATION TECHNOLOGY (WCIT-2010), 2011, 3
  • [45] Intelligent Platform for Automating Vulnerability Detection in Web Applications
    Moreira, Diogo
    Seara, Joao Pedro
    Pavia, Joao Pedro
    Serrao, Carlos
    ELECTRONICS, 2025, 14 (01):
  • [46] Design and Implementation of SQL Injection Vulnerability Scanning Tool
    Zhao, Juanjuan
    Liu, Changhua
    5TH ANNUAL INTERNATIONAL CONFERENCE ON INFORMATION SYSTEM AND ARTIFICIAL INTELLIGENCE (ISAI2020), 2020, 1575
  • [47] Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications
    Dalai, Asish Kumar
    Jena, Sanjay Kumar
    SECURITY AND COMMUNICATION NETWORKS, 2017,
  • [48] Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability
    Joseph, Swathy
    Jevitha, K. P.
    PROCEEDINGS OF 3RD INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING, NETWORKING AND INFORMATICS, ICACNI 2015, VOL 2, 2016, 44 : 417 - 426
  • [49] Protecting Web Applications from SQL Injection Attacks by using Framework and Database Firewall
    Manikanta, Yakkala V. Naga
    Sardana, Anjali
    PROCEEDINGS OF THE 2012 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI'12), 2012, : 609 - 613
  • [50] SQL Injection Defense Mechanisms for IIS plus ASP plus MSSQL Web Applications
    Wu Beihua
    CHINA COMMUNICATIONS, 2010, 7 (06) : 145 - 147