ABSTRACT
Web applications have become increasingly essential in many domains that operate on confidential business data. SQL injection is one of the most significant web application security risks, and detecting SQL injection vulnerabilities is essential for protecting the underlying web application. However, manually enumerating test cases is extremely challenging, if not impossible, given the potentially infinite number of user inputs and the likely nonexistence of a one-to-one mapping between user inputs and malicious SQL statements. This paper proposes an automatic security test case generation approach to detect SQL injection vulnerabilities in web applications, following the search-based software engineering (SBSE) paradigm. In particular, we propose a novel fitness function that evaluates the similarity between the SQL statements produced by feeding user inputs into the system under test and a known malicious SQL statement. For the search algorithm, we exploit differential evolution, which is robust in continuous optimization but under-investigated in SBSE. Based on three real-world web applications, we conduct experiments on 19 configurations covering diverse forms of SQL statements and types of attacks. Results demonstrate that our approach is more effective than the state-of-the-art, with statistical significance and high effect sizes.