Structured query language injection penetration test case generation based on formal description

Cited by: 0
Authors
Han, Ming [1]
Miao, Chang-Yun [2]
Affiliations
[1] School of Mechanical Engineering, Tianjin Polytechnic University, Tianjin, China
[2] School of Electronics and Information Engineering, Tianjin Polytechnic University, Tianjin, China
Keywords
Application programs;
DOI
Not available
Chinese Library Classification number
Subject classification number
Abstract
To improve the accuracy of Structured Query Language (SQL) injection penetration testing through formalism-guided test case generation, an attack-purpose-based attack tree model of SQL injection is proposed. Under the guidance of this model, formal descriptions of the SQL injection vulnerability feature and of SQL injection attack inputs are established. These models are then instantiated according to new coverage criteria, and executable test cases are generated. Experiments show that, compared with the randomly enumerated test cases used in other works, the test cases generated by our method detect SQL injection vulnerabilities more effectively. Therefore, false negatives are reduced and test accuracy is improved. Copyright © 2015 by Editorial Board of Journal of Donghua University, Shanghai China.
Pages: 446 - 452
Related papers
50 in total
  • [1] Structured Query Language Injection Penetration Test Case Generation Based on Formal Description
    韩明
    苗长云
    Journal of Donghua University (English Edition), 2015, 32 (03) : 446 - 452
  • [2] A formal description of XML tree pattern query for XQuery language
    Liao, Husheng
    Li, Xiaoqing
    Su, Hang
    International Journal of Database Theory and Application, 2014, 7 (05) : 171 - 186
  • [3] Automated test generation from specifications based on formal description techniques
    Chin, BM
    Choe, YH
    Kim, SU
    Jung, JI
    ETRI JOURNAL, 1997, 19 (04) : 363 - 388
  • [4] Improved test sequences generation method based on formal description technique
    Zhang, Lidong
    Liu, Jiren
    Li, Hualian
    Ruan Jian Xue Bao/Journal of Software, 1995, 6 (03):
  • [5] Generation of Formal Requirements from Structured Natural Language
    Giannakopoulou, Dimitra
    Pressburger, Thomas
    Mavridou, Anastasia
    Schumann, Johann
    REQUIREMENTS ENGINEERING: FOUNDATION FOR SOFTWARE QUALITY (REFSQ 2020), 2020, 12045 : 19 - 35
  • [6] DialSQL: Dialogue Based Structured Query Generation
    Gur, Izzeddin
    Yavuz, Semih
    Su, Yu
    Yan, Xifeng
    PROCEEDINGS OF THE 56TH ANNUAL MEETING OF THE ASSOCIATION FOR COMPUTATIONAL LINGUISTICS (ACL), VOL 1, 2018, : 1339 - 1349
  • [7] Automatic interoperability test case generation based on formal definitions
    Desmoulin, Alexandra
    Viho, Cesar
    FORMAL METHODS FOR INDUSTRIAL CRITICAL SYSTEMS, 2008, 4916 : 234 - 250
  • [8] Research on test case description language
    Yu, Xiang
    Wang, Hongman
    Yang, Fangchun
    2021 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS AND COMPUTER ENGINEERING (ICCECE), 2021, : 27 - 31
  • [9] Reducing Structured Query Language Injection Vulnerabilities Through Functional Programming Principles
    Piscatello, Michael
    SOUTHEASTCON 2023, 2023, : 425 - 432
  • [10] A formal basis for an abbreviated concept-based query language
    Owei, V
    Navathe, S
    DATA & KNOWLEDGE ENGINEERING, 2001, 36 (02) : 109 - 151