Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing

Security testing is the process of detecting exploitable defects that enable attacks. Since SQL injection vulnerabilities are among the most common threats to web-based applications, testing is still the most important technique for gaining confidence that an artifact behaves as expected. SQL injection occurs when untrusted inline inputs are accepted as database input, which can lead to security breaches such as altering the intent of the original query, gaining privileges, leaking private information, and bypassing authentication. Despite awareness of SQL injection attacks, the risk is increasing and the consequences are very severe, yet many people still do not have concrete ideas on how to prevent them. Checking and testing an application for data flaws is not easy, and because manual testing is hard and time-consuming, security testing and fuzz testing remain the tools on which almost all companies worldwide concentrate, rather than web application scanners. In practice, detecting software vulnerabilities means obtaining an adequate set of test cases containing effective queries or attacks that reveal new data flaws and define the risk, and identifying unexpected behavior by generating test cases through mutation to mitigate that risk with new attack scenarios. In this paper we apply the idea of mutation-based test case generation to obtain a new set of test cases for testing against SQL injection attacks. The results can be used for web application penetration testing, fuzz testing, and SQL injection detection and prevention; they can also be used to compare the effectiveness of brute-force tools and web application scanners, to enlarge the space of test cases, which can reduce the time cost of the testing process, and finally for software quality assurance.
2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016). © 2016, the authors. Published by Atlantis Press.

Introduction
Web-based applications are the first target of hackers. They have been developed continuously, fundamentally and radically and are part of our daily life, where the common belief is that these web applications are secure and must do a much better job than other applications. We, as a society and as individuals, expect them to behave correctly, but unfortunately the majority of these applications are not secure and may contain data flaws or bugs that attackers can exploit. SQL injection remains one of the most exploited web application vulnerabilities: the threat comes from obtaining unrestricted access to databases by inserting malicious strings into SQL queries via the web application, in order to gain the access, control and privileges of its administrator. Because web applications are complex and face a massive number of threats, and because manual testing for security issues is hard and time-consuming, it is not easy to verify whether they are secure against this kind of threat. In practice, the appropriate way to identify and remove software defects is to automate test case generation, which can save time and cost. Software testing prominently calls for the black-box testing technique, in which the tester interacts with the system's user interface by providing inputs and inspecting outputs without knowing how and where the inputs are processed. Software testing means inspecting the application's behavior on a finite set of test cases. In this paper a new optimal design of soccer robot control system which is based on mechanical analyses and calculations on the pressure and transmutation states of chip kick mechanics, this new control system with high precision for speed control and high dynamic quality.
SQL Injection Scenario
The concept of injection attacks is to inject malicious code so as to alter the intent of the original query [1-6]. Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query; the attacker's hostile data can then trick the interpreter into executing unintended commands or accessing data without proper permission. SQL injection queries are usually tested for correctness by executing them on datasets to see whether they give the desired results on each dataset. The invalid ones are often the result of small changes made by mutation. The idea behind this method is to mutate the attack model either by changing parts of SQL injection statements or by changing the order of execution. Test case execution may be very costly and time-consuming, and analysis of the execution results can be more complex. Mutation testing proposes an automatic mechanism to get more test cases and discover more bugs at once; this is attractive because some professional testers need to complete the checking and obfuscation of test cases manually to reveal more bugs in the AUT (Application Under Test). The best way to improve the effectiveness of SQLi testing is to get more coverage and more bugs with fewer test cases in a short time [16]. In our view, regardless of how similar the successful test cases are to each other (e.g., encoded by the same encoding method or given a similar prefix or suffix), they almost certainly all disclose a significant number of bugs. More specifically, good test cases may have all the combinations that help to discover flaws, and so cover more of the combinations or probabilities where SQLi can take place.

Mutation Operators and Mutation Approach
The mutation approach mainly describes the process of generating test cases and then comparing the newly generated mutants with the original ones in terms of quantity and quality.
To meet the requirements of the best generation, strong mutation operators should be built, using specific techniques to expand them. In this section we first propose the mutation operators used to assess the quality of test case generation. These mutants modify different features of the SQL queries. An SQL attack vector is divided into the following three types of characteristics: behavior conversion (behavior change), syntax correction (syntax repairing) and overall confusion (obfuscation). We implemented some new faults, which are given below:

• Replace the apostrophe character with UTF-8 (’ = %EF%BC%87)
• Replace the apostrophe with its illegal double Unicode counterpart (apostrophe ' = %00%27)
• Replace UNION ALL SELECT with UNION SELECT

According to the techniques used for mutation, we can define three types of mutation:

1) Value mutations: This kind of mutation changes values to detect errors in the tested software. We usually change the values of constants to bigger or smaller values.
2) Decision mutation: The decisions/conditions are changed to check for design errors. Typically these changes affect an arithmetic operator such as (<, >, =, +, -, *, /) or a logic operator (AND, OR, NOT).
3) Statement mutation: Changes the statements by deleting or duplicating the line, using evasion, stitching, obfuscation and replacement of the statement.
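The three operators listed above can be turned around and used to regression-test an input filter: mutate inputs the filter already flags and list the mutants it no longer flags. The sketch below is an added example, not code from the paper; the seed strings and both signatures are constructed for illustration, and the canonicalization step (percent-decoding, NFKC folding, NUL removal) is an assumed mitigation.

```python
import re
import unicodedata
from urllib.parse import unquote

# The three mutation operators listed above, applied to URL-encoded input.
OPERATORS = {
    "apostrophe_utf8": lambda s: s.replace("'", "%EF%BC%87"),
    "apostrophe_null": lambda s: s.replace("'", "%00%27"),
    "union_all_to_union": lambda s: s.replace("UNION ALL SELECT", "UNION SELECT"),
}

# Constructed seed inputs (not from the paper), built only from tokens it names.
SEEDS = ["a'b", "1 UNION ALL SELECT 2", "c' UNION ALL SELECT 3"]

def mutants(seed):
    """Yield (operator, mutant) for each operator that actually changes the seed."""
    for name, op in OPERATORS.items():
        mutated = op(seed)
        if mutated != seed:
            yield name, mutated

def canonicalize(raw):
    """Fold a parameter to one form: percent-decode, NFKC, drop NULs, squeeze spaces."""
    text = unquote(raw, errors="replace")        # %EF%BC%87 -> U+FF07, %00%27 -> NUL + '
    text = unicodedata.normalize("NFKC", text)   # U+FF07 -> '
    return re.sub(r"\s+", " ", text.replace("\x00", "")).upper()

# Hypothetical toy signatures, written for this example only.
NAIVE_RULE = re.compile(r"'|UNION ALL SELECT")
HARDENED_RULE = re.compile(r"'|\bUNION (ALL )?SELECT\b")

def naive_detect(raw):
    return bool(NAIVE_RULE.search(raw))

def hardened_detect(raw):
    return bool(HARDENED_RULE.search(canonicalize(raw)))

def survivors(detector, seeds=SEEDS):
    """Mutants the detector misses, taken over seeds it does flag."""
    return [(name, m) for s in seeds if detector(s)
            for name, m in mutants(s) if not detector(m)]

def detection_rate(detector, seeds=SEEDS):
    """Fraction of all mutants that the detector still flags."""
    total = sum(1 for s in seeds for _ in mutants(s))
    return 1 - len(survivors(detector, seeds)) / total

if __name__ == "__main__":
    for label, det in (("naive", naive_detect), ("hardened", hardened_detect)):
        print(label, detection_rate(det), survivors(det))
```

The surviving mutants are the regression cases to keep: each one names the operator that the filter failed to see through.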

[1] Auri Marcelo Rizzo Vincenzi, et al. A coevolutionary algorithm to automatic test case selection and mutant in Mutation Testing, 2013, 2013 IEEE Congress on Evolutionary Computation.

[2] Rashmi Agrawal, et al. Search based techniques and mutation analysis in automatic test case generation: A survey, 2015, 2015 IEEE International Advance Computing Conference (IACC).

[3] Javier Tuya, et al. Mutating database queries, 2007, Inf. Softw. Technol.

[4] Anna Derezinska, et al. An experimental case study to applying mutation analysis for SQL queries, 2009, 2009 International Multiconference on Computer Science and Information Technology.

[5] Macario Polo, et al. Mutation at System and Functional Levels, 2010, 2010 Third International Conference on Software Testing, Verification, and Validation Workshops.

[6] A. J. Offutt. A practical system for mutation testing: help for the common programmer, 1994, Proceedings., International Test Conference.

[7] Lionel C. Briand, et al. Automated testing for SQL injection vulnerabilities: an input mutation approach, 2014, ISSTA 2014.

[8] Mohammad Zulkernine, et al. Mutation Testing of Event Processing Queries, 2012, 2012 IEEE 23rd International Symposium on Software Reliability Engineering.

[9] Mike Papadakis, et al. Test Data Generation Techniques for Mutation Testing: A Systematic Mapping, 2014, CIbSE.

[10] Y. L. Traon, et al. Mutation analysis applied to security tests, 2007.

[11] Mario Piattini, et al. Mutation Testing, 2014, IEEE Software.

[12] M.J. Suarez-Cabal, et al. SQLMutation: A tool to generate mutants of SQL database queries, 2006, Second Workshop on Mutation Analysis (Mutation 2006 - ISSRE Workshops 2006).

[13] William E. Howden, et al. Weak Mutation Testing and Completeness of Test Sets, 1982, IEEE Transactions on Software Engineering.

[14] Mohammad Zulkernine, et al. MUSIC: Mutation-based SQL Injection Vulnerability Checking, 2008, 2008 The Eighth International Conference on Quality Software.

[15] M. R. Woodward, et al. From weak to strong, dead or alive? an analysis of some mutation testing issues, 1988, [1988] Proceedings. Second Workshop on Software Testing, Verification, and Analysis.

[16] Mike Papadakis, et al. Mutation based test case generation via a path selection strategy, 2012, Inf. Softw. Technol.