SQLUnitGen: SQL Injection Testing Using Static and Dynamic Analysis
Authors
Abstract
This paper proposes an approach to facilitate the identification of actual input manipulation vulnerabilities via automated testing based on static analysis. We implemented a prototype of a SQL injection vulnerability detection tool, SQLUnitGen, which we compared to a static analysis tool, FindBugs. The evaluation results show that our approach can be used to locate precise vulnerable locations of source code and help to identify false positives that are caused by static analysis tools.
Similar resources
SQLUnitGen: Test Case Generation for SQL Injection Detection
More than half of all of the vulnerabilities reported can be classified as input manipulation, such as SQL injection, cross site scripting, and buffer overflows. Increasingly, automated static analysis tools are being used to identify input manipulation vulnerabilities. However, these tools cannot detect the presence or the effectiveness of black or white list input filters and, therefore, may ...
Sound and Precise Analysis of Web Applications for Injection Vulnerabilities
Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; while dynamic approaches provide protection for deployed software, static approaches can detect po...
Effect of weight transfer training on static and dynamic balance of older women
The aim of this study was to determine the effect of weight transfer training on static and dynamic balance of older women. 20 accessible subjects that met our criteria were divided randomly into two groups, experimental and control. The experimental group trained for 6 weeks, 3 times a week, each session 60 minutes a day. A Biodex balance system was used for training and testing procedures. Data analys...
Blocking of SQL Injection Attacks by Comparing Static and Dynamic Queries
Due to internet expansion, web applications have now become a part of everyday life. As a result, the number of incidents which exploit web application vulnerabilities is increasing. A large number of these incidents are SQL Injection attacks, which are a serious security threat to databases which contain sensitive information, the leakage of which causes a large amount of loss. SQL Injection Attack...
Web Application Security—Past, Present, and Future
Web application security remains a major roadblock to universal acceptance of the Web for many kinds of online transactions, especially since the recent sharp increase in remotely exploitable vulnerabilities has been attributed to Web application bugs. In software engineering, software testing is an established and well-researched process for improving software quality. Recently formal verifica...
Journal title:
Volume, issue
Pages -
Publication date: 2006