Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016)

Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing

Authors
Ilies Benikhlef, Chenghong Wang, Sangirov Gulomjon
Corresponding Author
Ilies Benikhlef
Available Online September 2016.
DOI
https://doi.org/10.2991/icence-16.2016.104How to use a DOI?
Keywords
Mutation testing, Test Cases Generation, SQL Injections, mutation Analysis, fuzz testing, vulnerability detection
Abstract

Security testing is the process of detecting the exploited defects which conduct attacks. Since SQL Injection vulnerabilities are one of the most common threats of a web-based application, testing still the most important technique in order to gain confidence that an articraft behaves as expected. This scenario occurs when untrusted inline simple inputs are accepted as a database input which can lead to some security breaches such as altering the intent of the original query and getting some privileges, leaking of private information, authentication bypassing etc. Although the awareness of SQL Injection attacks, the risk is increasing and the consequences are very severe, still many people do not have very concrete ideas on how to prevent against them. It becomes not easy to check and test the application data flaws, but since the manually testing is hard and time-consuming security testing and fuzzing test remain the tools where almost all worldwide companies focus are concentrated rather than web application scanners. In practice Software's Vulnerabilities detections mean the obtaining of adequate test cases set that contain effective queries or attacks that reveal new data flaws and define the risk, identifying the unexpected behavior by performing test cases generation based on the mutation to mitigate that risk with new attack scenarios. In this paper we applied the idea of mutation-based test cases generation to get a new set of test cases to test against SQL Injections attacks. The results can be used for web-applications penetration testing, fuzz testing, SQL injection detection and prevention, it can also be used to compare between brute force tools, web-application scanners effectiveness, enlarge the space of test cases what can reduce the time costs of testing process and finally software's quality assurance.

Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016)
Series
Advances in Computer Science Research
Publication Date
September 2016
ISBN
978-94-6252-229-9
ISSN
2352-538X
DOI
https://doi.org/10.2991/icence-16.2016.104How to use a DOI?
Copyright
© 2016, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Ilies Benikhlef
AU  - Chenghong Wang
AU  - Sangirov Gulomjon
PY  - 2016/09
DA  - 2016/09
TI  - Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing
BT  - Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016)
PB  - Atlantis Press
SP  - 546
EP  - 551
SN  - 2352-538X
UR  - https://doi.org/10.2991/icence-16.2016.104
DO  - https://doi.org/10.2991/icence-16.2016.104
ID  - Benikhlef2016/09
ER  -