An algorithm for detecting SQL injection vulnerability using black-box testing

Aliero, Muhammad Saidu; Ghani, Imran; Qureshi, Kashif Naseer; Rohani, Mohd Foad

doi:10.1007/s12652-019-01235-z

Cited by 62 publications

(39 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As it can be observed, in the previous table, the results obtained with the filter proposed in this article, based on the metrics (Precision, Recall and F-measure) are better than those obtained in the references [24 ] and [25] and similar to those obtained in RPAD [26].…”

Section: B Similar Work Comparisonsupporting

confidence: 62%

See 1 more Smart Citation

Effective Filter for Common Injection Attacks in Online Web Applications

et al. 2021

View full text Add to dashboard Cite

Section: B Similar Work Comparisonsupporting

confidence: 62%

“…Aliero et all in [25] proposes a method with the phases crawling, attacking analysis and reporting to stop SQL injections. It is tested in three web applications.…”

Section: B Similar Work Comparisonmentioning

confidence: 99%

Effective Filter for Common Injection Attacks in Online Web Applications

et al. 2021

View full text Add to dashboard Cite

“…Black box testing bukan teknik alternatif daripada white box testing (Larrea, 2017). Lebih daripada itu, merupakan pendekatan pelengkap dalam mencakup error dengan kelas yang berbeda dari metode white box testing (Aliero, Ghani, Qureshi, & Rohani, 2020). Boundary value analysis adalah suatu teknik disain test cases yang berguna untuk melakukan pengujian terhadap nilai sekitar dari pusat domain masukan (Maheshwari, 2017).…”

Section: Metode Penelitianunclassified

Pengujian Aplikasi Reservasi Lapangan Futsal dengan Metode Black Box Testing Menggunakan Teknik Boundary Value Analysis

Santiari

Rahayuda

2020

JIUP

View full text Add to dashboard Cite

The futsal court reservation application is an application that allows users and futsal court owners to more easily access without having to install additional applications that reduce the memory capacity on their smartphone. Before being used, this futsal field reservation application needs to be tested. Testing is a verification process for assessing the quality of a device software and see whether the software meets the expected processes and valid or not. The process that is not optimal can cause inequality of data to be stored in the database .. Testing is done by the Black Box Testing method. In black box testing there are several testing techniques, one of them is Boundary Value Analysis. The Boundary Value Analysis technique performs testing based on the maximum and minimum number of digits to produce valid and invalid values. The first stage carried out in this research is to identify the form functionality to be processed, ensuring the maximum and minimum number of characters entered. The results of testing the futsal field reservation application with the black box testing method with the Boundary Value Analysis technique are the quality of the software is in accordance with the function, and can be utilized properly by the user.

show abstract

“…In addition, many manual and automated testing tools are used for detecting XSS and that also helps in identifying against SQLI vulnerabilities [11,12,13]. However, the burden of high time consumption for the completing the testing a web application for testeris still persists.A lot of work in this direction focused on fuzzing [14], which deals about testing with (semi)-random values.…”

Section: Litrature Reviewmentioning

confidence: 99%

Web Vulnerability Finder (WVF): Automated Black- Box Web Vulnerability Scanner

Khalid¹,

Iqbal²,

Rasheed³

et al. 2020

IJITCS

View full text Add to dashboard Cite

Today the internet has become primary source of communication among people because it holds limitless space and pool of various web applications and resources. The internet allows us to communicate in a fraction of second with another people who is sitting in the other part of the world. At present, the internet has become part of our daily life and its usage is increasing exponentially, therefore it accumulates a number of web applications on daily basis on Web podium. Most of the web applications exist with few weaknesses and that weaknesses give room to several bad buys (hackers) to interrupt that weak part of code in web applications. Recently, SQL Injection, Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) seriously threaten the most of the web applications. In this study, we have proposed a black box testing method to detect different web vulnerabilities such as SQL Injection, XSS and CSRF and developed a detection tool i.e. Web Vulnerabilities Finder (WVF) for most of these vulnerabilities. Our proposed method can automatically analyze websites with the aim of finding web vulnerabilities. By applying the tool to some websites, we have found 45 exploitable XSS, SQL Injection 45, Directory Discloser 38 and Local/remote file inclusion 40 vulnerabilities. The experimental results show that our tool can efficiently detect XSS, SQL Injection, Directory Discloser and LFI/RFI vulnerabilities.

show abstract

An algorithm for detecting SQL injection vulnerability using black-box testing

Cited by 62 publications

References 27 publications

Effective Filter for Common Injection Attacks in Online Web Applications

Effective Filter for Common Injection Attacks in Online Web Applications

Pengujian Aplikasi Reservasi Lapangan Futsal dengan Metode Black Box Testing Menggunakan Teknik Boundary Value Analysis

Web Vulnerability Finder (WVF): Automated Black- Box Web Vulnerability Scanner

Contact Info

Product

Resources

About