Research on penetration test of the SQL injection based on the formalization model
- https://doi.org/10.2991/icence-16.2016.126How to use a DOI?
- SQL injection; penetration test; vulnerability; test case
To solve the problem of generating adequate test cases to reduce omissive report of the SQL injection vulnerability in penetration testing, this paper proposes a model-driven penetration test case generation method, which can describe the regularity of current SQL injection attacks. The experiment shows that the test cases generated by the proposed method can more effectively find the SQL injection vulnerability hidden behind the inadequate defense mechanism, and can reduce the omissive report of SQL injection.
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Ping Chen PY - 2016/09 DA - 2016/09 TI - Research on penetration test of the SQL injection based on the formalization model BT - Proceedings of the 2nd International Conference on Electronics, Network and Computer Engineering (ICENCE 2016) PB - Atlantis Press SP - 670 EP - 673 SN - 2352-538X UR - https://doi.org/10.2991/icence-16.2016.126 DO - https://doi.org/10.2991/icence-16.2016.126 ID - Chen2016/09 ER -