UPM Institutional Repository

Comparison of security testing approaches for detection of SQL injection vulnerabilities


Citation

Mohammed Draib, Najla’a Ateeq and Md Sultan, Abu Bakar and Abd Ghani, Abdul Azim and Zulzalil, Hazura (2018) Comparison of security testing approaches for detection of SQL injection vulnerabilities. International Journal of Engineering and Technology, 7 (4 spec.1). art. no. 19483. 14 - 17. ISSN 2227-5258; ESSN: 2227-524X

Abstract

Structured query language injection vulnerability (SQLIV) is one of the most prevalent and serious web application vulnerabilities. It can be exploited by an SQL injection attack (SQLIA) to gain unauthorized access to restricted data, bypass authentication mechanisms, and execute unauthorized data manipulation language statements. Hence, testing web applications to detect such vulnerabilities is imperative. Recently, several security testing approaches have been proposed to detect SQL injection vulnerabilities. However, there is no up-to-date comparative study of these approaches that could help security practitioners and researchers select an appropriate approach for their needs. In this paper, six criteria are identified to compare and analyze security testing approaches: vulnerability covered, testing approach, tool automation, false positive mitigation, vulnerability fixing, and test case/data generation. Using these criteria, a comparison was carried out to contrast the most prominent security testing approaches available in the literature. These criteria will help both practitioners and researchers select appropriate approaches according to their needs. Additionally, they will provide researchers with guidance that could help them make a preliminary decision before proposing new security testing approaches.



Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.14419/ijet.v7i4.1.19483
Publisher: Science Publishing Corporation
Keywords: SQL injection; Vulnerabilities; Detection approaches; Software security test; Web applications
Depositing User: Nurul Ainie Mokhtar
Date Deposited: 05 Feb 2020 04:36
Last Modified: 05 Feb 2020 04:36
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.14419/ijet.v7i4.1.19483
URI: http://psasir.upm.edu.my/id/eprint/72074
