Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
APPELT, Dennis; ALSHAHWAN, Nadia; BRIAND, Lionel
2013In Springer LNCS series
Peer reviewed
 

Files


Full Text
dennisappelt-fittest2013.pdf
Author postprint (510.93 kB)
Request a copy

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
SQL injection; blackbox testing; web service
Abstract :
[en] This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the WAF itself to refine and evaluate its security rules and prioritise fixing vulnerabilities that are not protected by the WAF. We also propose using database proxies as oracles for black-box security testing instead of relying only on the output of the application under test. The paper also presents a case study of our proposed approaches on two sets of web services. The results indicate that testing through WAFs can be used to prioritise vulnerabilities and that an oracle that uses a database proxy finds more vulnerabilities with fewer tries than an oracle that relies only on the output of the application.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust
Disciplines :
Computer science
Author, co-author :
APPELT, Dennis ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
ALSHAHWAN, Nadia ;  University College London - UCL > Department of Computer Science
BRIAND, Lionel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
yes
Language :
English
Title :
Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
Publication date :
2013
Event name :
1st International Workshop on Future Internet Testing
Event place :
Istanbul, Turkey
Event date :
12-11-2013
Audience :
International
Main work title :
Springer LNCS series
Peer reviewed :
Peer reviewed
Funders :
FNR - Fonds National de la Recherche
Available on ORBilu :
since 29 October 2013

Statistics


Number of views
327 (40 by Unilu)
Number of downloads
10 (8 by Unilu)

Scopus citations®
 
10
Scopus citations®
without self-citations
7

Bibliography


Similar publications



Contact ORBilu