Test SQL Injection Vulnerabilities in Web Applications Based on Structure Matching

被引:0
|
作者
Wu, Haiyan [1 ]
Gao, Guozhu [1 ]
Miao, Chunyu [1 ]
机构
[1] Tsinghua Univ, Comp & Informat Ctr, Beijing 100084, Peoples R China
来源
2011 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT), VOLS 1-4 | 2012年
关键词
SQL injection; web application; network security;
D O I
暂无
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
SQL injection, known as a popular attack against web applications, has become a serious security risk. However, traditional penetration test methods are insufficient to test SQL injection vulnerabilities (SQLIVs) in web applications. This paper presents a new test method called SMART, which automatically tests SQLIVs in web applications. SMART analyzes the SQL queries generated by web applications and uses a structure matching validation mechanism to determine whether SQLIVs exist. Comprehensive experiments show that SMART is effective in finding SQLIVs. Testing the web applications with SMART, the security against SQL injection can be greatly improved.
引用
收藏
页码:935 / 938
页数:4
相关论文
共 50 条
  • [1] Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection
    De Meo, Federico
    Rocchetto, Marco
    Vigano, Luca
    SECURITY AND TRUST MANAGEMENT, STM 2016, 2016, 9871 : 179 - 195
  • [2] Fault-based testing for discovering SQL injection vulnerabilities in web applications
    Alsmadi I.
    AlEroud A.
    Saifan A.A.
    International Journal of Information and Computer Security, 2021, 16 (1-2): : 51 - 62
  • [3] A Rejection-Based Approach for Detecting SQL Injection Vulnerabilities in Web Applications
    Saoudi, Lalia
    Adi, Kamel
    Boudraa, Younes
    FOUNDATIONS AND PRACTICE OF SECURITY, FPS 2019, 2020, 12056 : 379 - 386
  • [4] Analysis and Classification of SQL Injection Vulnerabilities and Attacks on Web Applications
    Sharma, Chandershekhar
    Jain, S. C.
    2014 INTERNATIONAL CONFERENCE ON ADVANCES IN ENGINEERING AND TECHNOLOGY RESEARCH (ICAETR), 2014,
  • [5] Security Testing of Web Applications: A Search-Based Approach for Detecting SQL Injection Vulnerabilities
    Liu, Muyang
    Li, Ke
    Chen, Tao
    PROCEEDINGS OF THE 2019 GENETIC AND EVOLUTIONARY COMPUTATION CONFERENCE COMPANION (GECCCO'19 COMPANION), 2019, : 417 - 418
  • [6] Detecting SQL Injection Vulnerabilities in Web Services
    Antunes, Nuno
    Vieira, Marco
    LADC: 2009 4TH LATIN-AMERICAN SYMPOSIUM ON DEPENDABLE COMPUTING, 2009, : 17 - 24
  • [7] Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services
    Antunes, Nuno
    Laranjeiro, Nuno
    Vieira, Marco
    Madeira, Henrique
    2009 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, 2009, : 260 - 267
  • [8] TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications
    Yang, Guan-Yan
    Wang, Farn
    Gu, You-Zong
    Teng, Ya-Wen
    Yeh, Kuo-Hui
    Ho, Ping-Hsueh
    Wen, Wei-Ling
    APPLIED SCIENCES-BASEL, 2024, 14 (18):
  • [9] Encountering SQL Injection in Web Applications
    Padma, Joshi N.
    Raju, M. B.
    Ravishankar, N.
    Ravi, N. Ch
    PROCEEDINGS OF THE 2ND INTERNATIONAL CONFERENCE ON COMPUTING METHODOLOGIES AND COMMUNICATION (ICCMC 2018), 2018, : 257 - 261
  • [10] How to Prevent SQL Injection Attack Based on Web Applications
    Zheng Haiyan
    Wu Weituan
    Zhang Ruili
    PROCEEDINGS OF THE 2015 INTERNATIONAL CONFERENCE ON INDUSTRIAL TECHNOLOGY AND MANAGEMENT SCIENCE (ITMS 2015), 2015, 34 : 854 - 857
12345