Test SQL Injection Vulnerabilities in Web Applications Based on Structure Matching

Cited by: 0
Authors
Wu, Haiyan [1]
Gao, Guozhu [1]
Miao, Chunyu [1]
Affiliations
[1] Tsinghua Univ, Comp & Informat Ctr, Beijing 100084, Peoples R China
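Keywords
SQL injection; web application; network security
DOI
Not available
Chinese Library Classification (CLC) number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract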
SQL injection, known as a popular attack against web applications, has become a serious security risk. However, traditional penetration test methods are insufficient to test SQL injection vulnerabilities (SQLIVs) in web applications. This paper presents a new test method called SMART, which automatically tests SQLIVs in web applications. SMART analyzes the SQL queries generated by web applications and uses a structure matching validation mechanism to determine whether SQLIVs exist. Comprehensive experiments show that SMART is effective in finding SQLIVs. Testing web applications with SMART can greatly improve their security against SQL injection.
Pages: 935-938
Number of pages: 4
Related papers
50 in total
  • [21] A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications
    Jan, Sadeeq
    Nguyen, Cu D.
    Arcuri, Andrea
    Briand, Lionel
    2017 10TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION (ICST), 2017, : 356 - 366
  • [22] SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN
    Xie, Xin
    Ren, Chunhui
    Fu, Yusheng
    Xu, Jie
    Guo, Jinhong
    IEEE ACCESS, 2019, 7 : 151475 - 151481
  • [23] Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing
    Ilies, Benikhlef
    Wang Chenghong
    Sangirov, Gulomjon
    Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016), 2016, 67 : 546 - 551
  • [24] JCOMIX: A Search-Based Tool to Detect XML Injection Vulnerabilities in Web Applications
    Stallenberg, Dimitri Michel
    Panichella, Annibale
    ESEC/FSE'2019: PROCEEDINGS OF THE 2019 27TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2019, : 1090 - 1094
  • [25] Source Code Patterns of SQL Injection Vulnerabilities
    Schuckert, Felix
    Katt, Basel
    Langweg, Hanno
    PROCEEDINGS OF THE 12TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2017), 2017,
  • [26] An Improved Approach for SQL Injection Vulnerabilities Detection
    Zhang, Zongzhi
    Wen, Qiaoyan
    Zhang, Zhao
    INFORMATION TECHNOLOGY APPLICATIONS IN INDUSTRY, PTS 1-4, 2013, 263-266 : 3017 - 3020
  • [27] Fragmented Query parse tree based SQL Injection Detection System for Web Applications
    Priyaa, B. Deva
    Devi, M. Indra
    2016 INTERNATIONAL CONFERENCE ON COMPUTING TECHNOLOGIES AND INTELLIGENT DATA ENGINEERING (ICCTIDE'16), 2016,
  • [28] A Mutation Approach of Detecting SQL Injection Vulnerabilities
    Huang, Yanyu
    Fu, Chuan
    Chen, Xuan
    Guo, Hao
    He, Xiaoyu
    Li, Jin
    Liu, Zheli
    CLOUD COMPUTING AND SECURITY, PT II, 2017, 10603 : 175 - 188
  • [29] Predicting Web Vulnerabilities in Web Applications Based on Machine Learning
    Khalid, Muhammad Noman
    Farooq, Humera
    Iqbal, Muhammad
    Alam, Muhammad Talha
    Rasheed, Kamran
    INTELLIGENT TECHNOLOGIES AND APPLICATIONS, INTAP 2018, 2019, 932 : 473 - 484
  • [30] SQLIFIX: Learning Based Approach to Fix SQL Injection Vulnerabilities in Source Code
    Siddiq, Mohammed Latif
    Jahin, Md Rezwanur Rahman
    Ul Islam, Mohammad Rafid
    Shahriyar, Rifat
    Iqbal, Anindya
    2021 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER 2021), 2021, : 354 - 364