Analysis &amp;amp; Detection of SQL Injection Vulnerabilities via Automatic Test Case Generation of Programs

Ruse, Michelle; Sarkar, Tanmoy; Basu, Samik

doi:10.1109/saint.2010.60

Cited by 23 publications

(14 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If a defect is detected, an attack is replayed by the tool to developers. Ruse, Sarkar & Basu (2010) detect SQL injection vulnerabilities in a similar manner. In addition, Rubyx (Chaudhuri & Foster, 2010) follows a similar approach to counter JavaScript injection attacks in applications written in Ruby.…”

Section: Symbolic Executionmentioning

confidence: 98%

Fatal injection: a survey of modern code injection attack countermeasures

Mitropoulos

Spinellis

2017

PeerJ Computer Science

View full text Add to dashboard Cite

With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation's infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs. Subjects Security and Privacy

show abstract

Section: Symbolic Executionmentioning

confidence: 98%

Fatal injection: a survey of modern code injection attack countermeasures

Mitropoulos

Spinellis

2017

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Case Generation of Programs" [12] Ruse et al [12] have proposed an approach that uses automatic test case generation to detect SQL injection vulnerabilities. The main idea behind this framework is based on creating a specific model that deals with SQL queries automatically.…”

Section: "Analysis and Detection Of Sql Injection Vulnerabilities Via Amentioning

confidence: 99%

“…10 Ruse et al [12] Idea behind this framework is based on creating a specific model that deals with SQL queries automatically.…”

mentioning

confidence: 99%

A Survey on the Detection of SQL Injection Attacks and Their Countermeasures

2015

J Inf Process Syst

View full text Add to dashboard Cite

The Structured Query Language (SQL) Injection continues to be one of greatest security risks in the world according to the Open Web Application Security Project's (OWASP) [1] Top 10 Security vulnerabilities 2013. The ease of exploitability and severe impact puts this attack at the top. As the countermeasures become more sophisticated, SOL Injection Attacks also continue to evolve, thus thwarting the attempt to eliminate this attack completely. The vulnerable data is a source of worry for government and financial institutions. In this paper, a detailed survey of different types of SQL Injection and proposed methods and theories are presented, along with various tools and their efficiency in intercepting and preventing SQL attacks.

show abstract

“…[23], CREST has been used by several research groups. For instance, CREST has been used to build tools for regression testing [139], for detecting SQL injection vulnerabilities [118], and for identifying infeasible code to achieve high structural coverage [12], and has been modified to run distributed on a cluster for testing a flash storage platform [81]. In the development of this research project, we also used CREST for structural coverage testing and security testing.…”

Section: Dynamic Symbolic Executionmentioning

confidence: 99%