DocumentCode :
1981303
Title :
A black-box testing tool for detecting SQL injection vulnerabilities
Author :
Djuric, Z.
Author_Institution :
Fac. of Electr. Eng., Univ. of Banja Luka, Banja Luka, Bosnia-Herzegovina
fYear :
2013
fDate :
23-25 Sept. 2013
Firstpage :
216
Lastpage :
221
Abstract :
Web application vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of web application vulnerabilities has grown constantly over the last decade. Improper input validation and sanitization are the reasons for most of them. The most important of these vulnerabilities based on improper input validation and sanitization is the SQL injection (SQLI) vulnerability. The primary focus of our research was to develop a reliable black-box vulnerability scanner for detecting SQLI vulnerabilities: SQLIVDT (SQL Injection Vulnerability Detection Tool). The black-box approach is based on simulating SQLI attacks against web applications; thus, the scope of the analysis is limited to the HTTP responses and HTML pages received from the application server. To achieve efficient SQLI vulnerability detection, an efficient algorithm for HTML page similarity detection is used. The proposed tool showed promising results compared to six well-known web application scanners.
Keywords :
Internet; SQL; authorisation; file servers; hypermedia; HTML page similarity detection; HTTP responses; SQL injection vulnerability detection tool; SQLIVDT; Web application scanners; Web application vulnerabilities; application server; black-box approach; black-box testing tool; black-box vulnerability scanner; malicious actions; unauthorized account access; Crawlers; Databases; HTML; Security; Servers; Testing; Web pages; SQL injection; Web application security; black-box; web page similarity;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Informatics and Applications (ICIA), 2013 Second International Conference on
Conference_Location :
Lodz
Print_ISBN :
978-1-4673-5255-0
Type :
conf
DOI :
10.1109/ICoIA.2013.6650259
Filename :
6650259