New Approach for Detecting SQL Injection Vulnerability in Web application

Date

2019

Publisher

UNIVERSITY MOHAMED BOUDIAF - M’SILA FACULTY OF MATHEMATICS AND COMPUTER SCIENCE COMPUTER SCIENCE DEPARTMENT - Specialty: networks and information and communication technology

Abstract

Web application vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorised access to obtaining sensitive data. Improper input validation and sanitization are the common cause of most of them. The SQL injection attack (SQLIA) is the most famous attack based on improper input validation and sanitization. To mitigate the problem, we propose a new approach to developing a reliable automatic black-box testing scanner for detecting SQL injection vulnerabilities, SQLIVD (SQL Injection Vulnerability Detector). Our SQLiV detection approach is based on the rejection page and on structural similarity algorithms that calculate the structural similarity between a rejection page and its corresponding injection page; the proposed approach is able to minimize the false positive and false negative detection rates. The proposed scanner demonstrated the effectiveness of our approach compared to the most popular web application scanners in the field.

Keywords

black box testing, SQL injection, structural similarity algorithm, false positive, false negative
