Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing
- DOI
- 10.2991/icence-16.2016.104
- Keywords
- Mutation testing, Test Cases Generation, SQL Injections, mutation Analysis, fuzz testing, vulnerability detection
- Abstract
Security testing is the process of detecting exploitable defects that lead to attacks. Since SQL injection vulnerabilities are among the most common threats to web-based applications, testing is still the most important technique for gaining confidence that an artifact behaves as expected. The vulnerability occurs when untrusted inline simple inputs are accepted as database input, which can lead to security breaches such as altering the intent of the original query, gaining privileges, leaking private information, bypassing authentication, etc. Despite awareness of SQL injection attacks, the risk is increasing and the consequences are very severe, yet many people still do not have concrete ideas on how to prevent them. Checking and testing an application for data flaws is not easy, and since manual testing is hard and time-consuming, security testing and fuzz testing remain the tools on which almost all companies worldwide concentrate, rather than web application scanners. In practice, detecting software vulnerabilities means obtaining an adequate set of test cases containing effective queries or attacks that reveal new data flaws and define the risk, and identifying unexpected behavior by performing mutation-based test case generation to mitigate that risk with new attack scenarios. In this paper we applied the idea of mutation-based test case generation to obtain a new set of test cases for testing against SQL injection attacks. The results can be used for web application penetration testing, fuzz testing, and SQL injection detection and prevention; they can also be used to compare the effectiveness of brute-force tools and web application scanners, to enlarge the space of test cases, which can reduce the time cost of the testing process, and finally for software quality assurance.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Ilies Benikhlef
AU - Chenghong Wang
AU - Sangirov Gulomjon
PY - 2016/09
DA - 2016/09
TI - Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing
BT - Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016)
PB - Atlantis Press
SP - 546
EP - 551
SN - 2352-538X
UR - https://doi.org/10.2991/icence-16.2016.104
DO - 10.2991/icence-16.2016.104
ID - Benikhlef2016/09
ER -