DocumentCode
1817885
Title
Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services
Author
Antunes, Nuno ; Laranjeiro, Nuno ; Vieira, Marco ; Madeira, Henrique
Author_Institution
Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal
fYear
2009
fDate
21-25 Sept. 2009
Firstpage
260
Lastpage
267
Abstract
This paper proposes a new automatic approach for the detection of SQL Injection and XPath Injection vulnerabilities, two of the most common and most critical types of vulnerabilities in Web services. Although there are tools that allow testing Web applications against security vulnerabilities, previous research shows that the effectiveness of those tools in Web services environments is very poor. In our approach a representative workload is used to exercise the Web service, and a large set of SQL/XPath injection attacks is applied to disclose vulnerabilities. Vulnerabilities are detected by comparing the structure of the SQL/XPath commands issued in the presence of attacks to the structure previously learned when running the workload in the absence of attacks. Experimental evaluation shows that our approach performs much better than known tools (including commercial ones), achieving extremely high detection coverage while keeping the false-positive rate very low.
Keywords
SQL; Web services; program testing; security of data; SQL injection vulnerabilities; Web services; XPath injection vulnerabilities; security vulnerabilities; Data security; Informatics; Pattern analysis; Performance analysis; Performance evaluation; Relational databases; Runtime; Stress; Testing; Web services;
fLanguage
English
Publisher
ieee
Conference_Titel
Services Computing, 2009. SCC '09. IEEE International Conference on
Conference_Location
Bangalore
Print_ISBN
978-1-4244-5183-8
Electronic_ISBN
978-0-7695-3811-2
Type
conf
DOI
10.1109/SCC.2009.23
Filename
5283945