DocumentCode :
2115095
Title :
Research on mock attack testing for SQL injection vulnerability in multi-defense level web applications
Author :
Tian, Wei ; Xu, Jing ; Lian, Kun-Mei ; Zhang, Ying ; Yang, Ju-feng
Author_Institution :
College of Information technical science, NanKai University, TianJin, China
fYear :
2010
fDate :
4-6 Dec. 2010
Firstpage :
1
Lastpage :
5
Abstract :
The testing methods for hunting vulnerabilities in web applications can be mainly classified into two categories: white box testing and black box testing. This paper focuses on black box testing for the SQL injection vulnerability. Through the combination of fuzzy test and mock attack testing, a new testing method for hunting SQL injection is proposed, in which the injection parameters can be divided into several sets of equivalence classes according to the defined multi-defense levels of the web systems under test. By injecting the most representative parameters selected from each equivalence class, the mock attack testing for hunting SQL injection can be very effective and low cost. Experimental results show that this method can achieve desirable results for SQLI mock attack testing in real web applications.
Keywords :
Databases; Encoding; Information filters; Optimization; Security; Testing; Defense level; Equivalence partition; Fuzzy test; SQL injection; Security testing; Vulnerability;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Science and Engineering (ICISE), 2010 2nd International Conference on
Conference_Location :
Hangzhou, China
Print_ISBN :
978-1-4244-7616-9
Type :
conf
DOI :
10.1109/ICISE.2010.5689924
Filename :
5689924