Comparison of security testing approaches for detection of SQL injection vulnerabilities
Structured query language injection vulnerability (SQLIV) is one of the most prevalent and serious web application vulnerabilities that can be exploited by SQL injection attack (SQLIA) to gain unauthorized access to restricted data, bypass authentication mechanism, and execute unauthorized data mani...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Science Publishing Corporation
2018
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/72074/1/Comparison%20of%20Security%20Testing%20Approaches%20for%20Detection%20of.pdf http://psasir.upm.edu.my/id/eprint/72074/ https://www.sciencepubco.com/index.php/ijet/article/view/19483 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.72074 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.720742020-02-05T04:36:47Z http://psasir.upm.edu.my/id/eprint/72074/ Comparison of security testing approaches for detection of SQL injection vulnerabilities Mohammed Draib, Najla’a Ateeq Md Sultan, Abu Bakar Abd Ghani, Abdul Azim Zulzalil, Hazura Structured query language injection vulnerability (SQLIV) is one of the most prevalent and serious web application vulnerabilities that can be exploited by SQL injection attack (SQLIA) to gain unauthorized access to restricted data, bypass authentication mechanism, and execute unauthorized data manipulation language. Hence, testing web applications for detecting such vulnerabilities is very imperative. Recently, several security testing approaches have been proposed to detect SQL injection vulnerabilities. However, there is no up-to-date comparative study of these approaches that could be used to help security practitioners and researchers in selecting an appropriate approach for their needs. In this paper, six criteria's are identified to compare and analyze security testing approaches; vulnerability covered, testing approach, tool automation, false positive mitigation, vulnerability fixing, and test case/data generation. Using these criteria, a comparison was carried out to contrast the most prominent security testing approaches available in the literature. These criteria will aid both practitioners and researchers to select appropriate approaches according to their needs. Additionally, it will provide researchers with guidance that could help them make a preliminary decision prior to their proposal of new security testing approaches. Science Publishing Corporation 2018 Article PeerReviewed text en http://psasir.upm.edu.my/id/eprint/72074/1/Comparison%20of%20Security%20Testing%20Approaches%20for%20Detection%20of.pdf Mohammed Draib, Najla’a Ateeq and Md Sultan, Abu Bakar and Abd Ghani, Abdul Azim and Zulzalil, Hazura (2018) Comparison of security testing approaches for detection of SQL injection vulnerabilities. International Journal of Engineering and Technology, 7 (4 spec.1). art. no. 19483. 14 - 17. ISSN 2227-5258; ESSN: 2227-524X https://www.sciencepubco.com/index.php/ijet/article/view/19483 10.14419/ijet.v7i4.1.19483 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Structured query language injection vulnerability (SQLIV) is one of the most prevalent and serious web application vulnerabilities that can be exploited by SQL injection attack (SQLIA) to gain unauthorized access to restricted data, bypass authentication mechanism, and execute unauthorized data manipulation language. Hence, testing web applications for detecting such vulnerabilities is very imperative. Recently, several security testing approaches have been proposed to detect SQL injection vulnerabilities. However, there is no up-to-date comparative study of these approaches that could be used to help security practitioners and researchers in selecting an appropriate approach for their needs. In this paper, six criteria's are identified to compare and analyze security testing approaches; vulnerability covered, testing approach, tool automation, false positive mitigation, vulnerability fixing, and test case/data generation. Using these criteria, a comparison was carried out to contrast the most prominent security testing approaches available in the literature. These criteria will aid both practitioners and researchers to select appropriate approaches according to their needs. Additionally, it will provide researchers with guidance that could help them make a preliminary decision prior to their proposal of new security testing approaches. |
| format |
Article |
| author |
Mohammed Draib, Najla’a Ateeq Md Sultan, Abu Bakar Abd Ghani, Abdul Azim Zulzalil, Hazura |
| spellingShingle |
Mohammed Draib, Najla’a Ateeq Md Sultan, Abu Bakar Abd Ghani, Abdul Azim Zulzalil, Hazura Comparison of security testing approaches for detection of SQL injection vulnerabilities |
| author_facet |
Mohammed Draib, Najla’a Ateeq Md Sultan, Abu Bakar Abd Ghani, Abdul Azim Zulzalil, Hazura |
| author_sort |
Mohammed Draib, Najla’a Ateeq |
| title |
Comparison of security testing approaches for detection of SQL injection vulnerabilities |
| title_short |
Comparison of security testing approaches for detection of SQL injection vulnerabilities |
| title_full |
Comparison of security testing approaches for detection of SQL injection vulnerabilities |
| title_fullStr |
Comparison of security testing approaches for detection of SQL injection vulnerabilities |
| title_full_unstemmed |
Comparison of security testing approaches for detection of SQL injection vulnerabilities |
| title_sort |
comparison of security testing approaches for detection of sql injection vulnerabilities |
| publisher |
Science Publishing Corporation |
| publishDate |
2018 |
| url |
http://psasir.upm.edu.my/id/eprint/72074/1/Comparison%20of%20Security%20Testing%20Approaches%20for%20Detection%20of.pdf http://psasir.upm.edu.my/id/eprint/72074/ https://www.sciencepubco.com/index.php/ijet/article/view/19483 |
| _version_ |
1662756472238374912 |