Wei Tian, Jing Xu, Kunmei Lian, Ying Zhang, Jufeng Yang
Published in: The 2nd International Conference on Information Science and Engineering (ICISE 2010), December 2010.
DOI: 10.1109/ICISE.2010.5689924 (https://doi.org/10.1109/ICISE.2010.5689924)
Chinese title: web应用中SQL注入漏洞的模拟攻击测试研究 (Research on mock attack testing for SQL injection vulnerabilities in web applications)
Citation count (Semantic Scholar): 7
Research on mock attack testing for SQL injection vulnerability in multi-defense level web applications
The testing methods for hunting vulnerabilities in web applications can be broadly classified into two categories: white box testing and black box testing. This paper focuses on black box testing for the SQL injection vulnerability. By combining fuzz testing with mock attack testing, a new testing method for hunting SQL injection is proposed, in which the injection parameters are divided into several sets of equivalence classes according to the defined multi-defense levels of the web systems under test. By injecting only the most representative parameters selected from each equivalence class, mock attack testing for SQL injection can be both effective and low cost. Experimental results show that this method achieves desirable results for SQLI mock attack testing in real web applications.