A black-box testing tool for detecting SQL injection vulnerabilities

Web applications vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of web application vulnerabilities in last decade is growing constantly. Improper input validation and sanitization are reasons for most of them. The most important of these vulnerabilities based on improper input validation and sanitization is SQL injection (SQLI) vulnerability. The primary focus of our research was to develop a reliable black-box vulnerability scanner for detecting SQLI vulnerability - SQLIVDT (SQL Injection Vulnerability Detection Tool). The black-box approach is based on simulation of SQLI attacks against web applications. Thus, the scope of analysis is limited to HTTP responses and HTML pages received from the application server. In order to achieve efficient SQLI vulnerability detection, an efficient algorithm for HTML page similarity detection is used. The proposed tool showed promising results as compared to six well-known web application scanners.

[1]  Marco Vieira,et al.  Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks , 2007 .

[2]  Zhendong Su,et al.  Sound and precise analysis of web applications for injection vulnerabilities , 2007, PLDI '07.

[3]  Monica S. Lam,et al.  Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking , 2008, USENIX Security Symposium.

[4]  D. T. Lee,et al.  Securing web application code by static analysis and runtime protection , 2004, WWW '04.

[5]  Mohammad Zulkernine,et al.  Automatic Testing of Program Security Vulnerabilities , 2009, 2009 33rd Annual IEEE International Computer Software and Applications Conference.

[6]  John C. Mitchell,et al.  State of the Art: Automated Black-Box Web Application Vulnerability Testing , 2010, 2010 IEEE Symposium on Security and Privacy.

[7]  Richard M. Karp,et al.  Efficient Randomized Pattern-Matching Algorithms , 1987, IBM J. Res. Dev..

[8]  Z. Duric,et al.  A Source Code Similarity System for Plagiarism Detection , 2013, Comput. J..

[9]  Shih-Kun Huang,et al.  Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.

[10]  Alan Bustos Kleiman Qualitative Analysis and Comparison of Plagiarism-Detection Systems in Student Programs , 2008 .

[11]  J. W. Hunt,et al.  An Algorithm for Differential File Comparison , 2008 .

[12]  Justin Clarke,et al.  SQL Injection Attacks and Defense , 2009 .

[13]  Chris Anley,et al.  Advanced SQL Injection In SQL Server Applications , 2002 .

[14]  Christopher Krügel,et al.  Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[15]  Toshinori Sato,et al.  Power-Performance Trade-Off of a Dependable Multicore Processor , 2007 .

[16]  Benjamin Livshits,et al.  Securing web applications with static and dynamic information flow tracking , 2008, PEPM '08.

[17]  Christopher Krügel,et al.  SecuBat: a web vulnerability scanner , 2006, WWW '06.

[18]  Alessandro Orso,et al.  AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.

[19]  Giovanni Vigna,et al.  Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners , 2010, DIMVA.

[20]  Engin Kirda,et al.  Have things changed now? An empirical study on input validation vulnerabilities in web applications , 2012, Comput. Secur..

[21]  Michael D. Ernst,et al.  Automatic creation of SQL Injection and cross-site scripting attacks , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[22]  Tao Xie,et al.  Perturbation-based user-input-validation testing of web applications , 2010, J. Syst. Softw..