• DocumentCode
    2000233
  • Title
    An Approach for SQL Injection Vulnerability Detection
  • Author
    Mei Junjin
  • Author_Institution
    Huangshi Inst. of Technology, Huangshi
  • fYear
    2009
  • fDate
    27-29 April 2009
  • Firstpage
    1411
  • Lastpage
    1414
  • Abstract
    Our research objective is to facilitate the identification of true input manipulation vulnerabilities via the combination of static analysis, runtime detection, and automatic testing. We propose an approach for SQL injection vulnerability detection, automated by a prototype tool SQLInjectionGen. We performed case studies on two small Web applications for the evaluation of our approach compared to static analysis for identifying true SQL injection vulnerabilities. In our case study, SQLInjectionGen had no false positives, but had a small number of false negatives while the static analysis tool had a false positive for every vulnerability that was actually protected by a white or black list.
  • Keywords
    SQL; security of data; SQL injection vulnerability detection; SQLInjectionGen; automatic testing; input manipulation vulnerabilities; runtime detection; static analysis; Automatic testing; Databases; Information analysis; Information technology; Java; Manuals; Performance analysis; Performance evaluation; Prototypes; Runtime; SQL Injection attacks; automatic testing; input filtering; runtime detection; static analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology: New Generations, 2009. ITNG '09. Sixth International Conference on
  • Conference_Location
    Las Vegas, NV
  • Print_ISBN
    978-1-4244-3770-2
  • Electronic_ISBN
    978-0-7695-3596-8
  • Type
    conf
  • DOI
    10.1109/ITNG.2009.34
  • Filename
    5070824