Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing

Ilies Benikhlef; Chenghong Wang; Sangirov Gulomjon

doi:10.2991/icence-16.2016.104

<Previous Article In Volume

Next Article In Volume>

Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing

Authors

Ilies Benikhlef, Chenghong Wang, Sangirov Gulomjon

Corresponding Author

Ilies Benikhlef

Available Online September 2016.

DOI: 10.2991/icence-16.2016.104 How to use a DOI?
Keywords: Mutation testing, Test Cases Generation, SQL Injections, mutation Analysis, fuzz testing, vulnerability detection
Abstract: Security testing is the process of detecting the exploited defects which conduct attacks. Since SQL Injection vulnerabilities are one of the most common threats of a web-based application, testing still the most important technique in order to gain confidence that an articraft behaves as expected. This scenario occurs when untrusted inline simple inputs are accepted as a database input which can lead to some security breaches such as altering the intent of the original query and getting some privileges, leaking of private information, authentication bypassing etc. Although the awareness of SQL Injection attacks, the risk is increasing and the consequences are very severe, still many people do not have very concrete ideas on how to prevent against them. It becomes not easy to check and test the application data flaws, but since the manually testing is hard and time-consuming security testing and fuzzing test remain the tools where almost all worldwide companies focus are concentrated rather than web application scanners. In practice Software's Vulnerabilities detections mean the obtaining of adequate test cases set that contain effective queries or attacks that reveal new data flaws and define the risk, identifying the unexpected behavior by performing test cases generation based on the mutation to mitigate that risk with new attack scenarios. In this paper we applied the idea of mutation-based test cases generation to get a new set of test cases to test against SQL Injections attacks. The results can be used for web-applications penetration testing, fuzz testing, SQL injection detection and prevention, it can also be used to compare between brute force tools, web-application scanners effectiveness, enlarge the space of test cases what can reduce the time costs of testing process and finally software's quality assurance.
Copyright: © 2016, the Authors. Published by Atlantis Press.
Open Access: This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

<Previous Article In Volume

Next Article In Volume>

Volume Title: Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016)
Series: Advances in Computer Science Research
Publication Date: September 2016
ISBN: 10.2991/icence-16.2016.104
ISSN: 2352-538X
DOI: 10.2991/icence-16.2016.104 How to use a DOI?
Open Access: This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

ris enw bib

TY  - CONF
AU  - Ilies Benikhlef
AU  - Chenghong Wang
AU  - Sangirov Gulomjon
PY  - 2016/09
DA  - 2016/09
TI  - Mutation Based SQL Injection Test Cases Generation for the Web Based Application Vulnerability Testing
BT  - Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016)
PB  - Atlantis Press
SP  - 546
EP  - 551
SN  - 2352-538X
UR  - https://doi.org/10.2991/icence-16.2016.104
DO  - 10.2991/icence-16.2016.104
ID  - Benikhlef2016/09
ER  -

download .riscopy to clipboard