UPM Institutional Repository

Comparing web vulnerability scanners with a new method for SQL injection vulnerabilities detection and removal EPSQLiFix


Md Sultan, Abu Bakar and Abdullah@Selimun, Mohd Taufik and Admodisastro, Novia Indriaty and Zulzalil, Hazura and Umar, Kabir (2018) Comparing web vulnerability scanners with a new method for SQL injection vulnerabilities detection and removal EPSQLiFix. International Journal of Engineering and Technology (UAE), 7 (4.31). 40 - 45. ISSN 2227-524X


Web vulnerabilities have become a major threat to the security of information and services accessible via the internet. Dynamic analysis based Web Vulnerability Scanners (WVS) have been employed to facilitate detection of vulnerabilities, though, such scanners could not remove the detected vulnerabilities. Empirical evidences show that some existing static analysis techniques targeted both detection and removal of vulnerabilities. However, these techniques are not adequately effective – they report considerably large number of false positives and do not achieve fully automatic vulnerabilities removal. Although, clear understanding of the workflow of WVSs is very essential in designing more improved scanners, current literature does not provide a comprehensive presentation on workflow of WVSs. Thus, this paper presents thorough description of generic WVS through synthesis and aggregation of knowledge. In addition, the paper presents overview of an Evolutionary Programming (EP) based static analysis method for automatic detection and removal of vulnerabilities called EPSQLiFix. Lastly, the paper compares the workflow of WVSs to that of EPSQLiFix method.

Download File

[img] Text (Abstract)

Download (70kB)

Additional Metadata

Item Type: Article
Divisions: Faculty of Computer Science and Information Technology
DOI Number: https://doi.org/10.14419/ijet.v7i4.31.23338
Publisher: Science Publishing Corporation
Keywords: SQL injection; Reachability analysis; Vulnerability detection and removal
Depositing User: Ms. Nuraida Ibrahim
Date Deposited: 26 Jan 2021 19:51
Last Modified: 26 Jan 2021 19:51
Altmetrics: http://www.altmetric.com/details.php?domain=psasir.upm.edu.my&doi=10.14419/ijet.v7i4.31.23338
URI: http://psasir.upm.edu.my/id/eprint/73465
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item