Reference : Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/9617
Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
English
Appelt, Dennis [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Alshahwan, Nadia [University College London - UCL > Department of Computer Science]
Briand, Lionel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
2013
Springer LNCS series
Yes
International
1st International Workshop on Future Internet Testing
12-11-2013
Istanbul
Turkey
[en] SQL injection ; blackbox testing ; web service
[en] This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the WAF itself to refine and evaluate its security rules and prioritise fixing vulnerabilities that are not protected by the WAF. We also propose using database proxies as oracles for black-box security testing instead of relying only on the output of the application under test. The paper also presents a case study of our proposed approaches on two sets of web services. The results indicate that testing through WAFs can be used to prioritise vulnerabilities and that an oracle that uses a database proxy finds more vulnerabilities with fewer tries than an oracle that relies only on the output of the application.
Interdisciplinary Centre for Security, Reliability and Trust
Fonds National de la Recherche - FnR

File(s) associated to this reference

Fulltext file(s):

File: dennisappelt-fittest2013.pdf
Version: Author postprint
Size: 498.95 kB
Access: Limited access (request a copy)

All documents in ORBilu are protected by a user license.