Reference : Black-box SQL Injection Testing
Reports : Other
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/15121
Black-box SQL Injection Testing
English
Appelt, Dennis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Alshahwan, Nadia [University College London > Department of Computer Science]
Nguyen, Duy Cu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
28-Jan-2014
978-2-87971-121-8
TR-SnT-2014-1
[en] Mutation Testing ; Security Testing ; Test Generation
[en] Web services are increasingly adopted in various domains, from finance and e-government to social media. Because they are built on top of web technologies, they also suffer the same unprecedented volume of attacks and exploitation as the Web itself. Among these attacks, those targeting SQL injection vulnerabilities have consistently been top-ranked in recent years. Testing to detect such vulnerabilities before making web services public is therefore crucial. In this report we present an automated testing approach, namely μ4SQLi, and its underpinning set of mutation operators. μ4SQLi can produce effective inputs that lead to executable and harmful SQL statements. Executability is key, as otherwise no injection vulnerability can be exploited. Our evaluation demonstrated that the approach outperforms contemporary known attacks both in terms of vulnerability detection and in the ability to get through an application firewall, which is a popular configuration in the real world.
Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students

Fulltext file: TR-SnT-2014-1.pdf (Publisher postprint, 478.85 kB, open access)
