DocumentCode :
1734775
Title :
Test SQL injection vulnerabilities in web applications based on structure matching
Author :
Wu, Haiyan ; Gao, Guozhu ; Miao, Chunyu
Author_Institution :
Comput. & Inf. Center, Tsinghua Univ., Beijing, China
Volume :
2
fYear :
2011
Firstpage :
935
Lastpage :
938
Abstract :
SQL injection, known as a popular attack against web applications, has become a serious security risk. However, traditional penetration test methods are insufficient to test SQL injection vulnerabilities (SQLIVs) in web applications. This paper presents a new test method called SMART, which automatically tests SQLIVs in web applications. SMART analyzes the SQL queries generated by web applications and uses a structure matching validation mechanism to determine whether SQLIVs exist. Comprehensive experiments show that SMART is effective in finding SQLIVs. Testing web applications with SMART can greatly improve their security against SQL injection.
Keywords :
Internet; SQL; security of data; Web applications; penetration test method; security risk; structure matching validation mechanism; test SQL injection vulnerability; Portals; SQL injection; network security; web application;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4577-1586-0
Type :
conf
DOI :
10.1109/ICCSNT.2011.6182115
Filename :
6182115