• DocumentCode
    1734775
  • Title

    Test SQL injection vulnerabilities in web applications based on structure matching

  • Author

    Wu, Haiyan ; Gao, Guozhu ; Miao, Chunyu

  • Author_Institution
    Comput. & Inf. Center, Tsinghua Univ., Beijing, China
  • Volume
    2
  • fYear
    2011
  • Firstpage
    935
  • Lastpage
    938
  • Abstract
    SQL injection, known as a popular attack against web applications, has become a serious security risk. However, traditional penetration test methods are insufficient to test SQL injection vulnerabilities (SQLIVs) in web applications. This paper presents a new test method called SMART, which automatically tests SQLIVs in web applications. SMART analyzes the SQL queries generated by web applications and uses a structure matching validation mechanism to determine whether SQLIVs exist. Comprehensive experiments show that SMART is effective in finding SQLIVs. Testing web applications with SMART can greatly improve their security against SQL injection.
  • Keywords
    Internet; SQL; security of data; Web applications; penetration test method; security risk; structure matching validation mechanism; test SQL injection vulnerability; Portals; SQL injection; network security; web application;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Science and Network Technology (ICCSNT), 2011 International Conference on
  • Conference_Location
    Harbin
  • Print_ISBN
    978-1-4577-1586-0
  • Type

    conf

  • DOI
    10.1109/ICCSNT.2011.6182115
  • Filename
    6182115