Title | Method For Generating Test Data For Detecting SQL Injection Vulnerability in Web Application |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Awang, Nor Fatimah; Jarno, Ahmad Dahari; Marzuki, Syahaneim; Jamaludin, Nor Azliana Akmal; Majid, Khairani Abd; Tajuddin, Taniza |
Conference Name | 2019 7th International Conference on Cyber and IT Service Management (CITSM) |
Keywords | Collaboration, Human Behavior, Metrics, policy-based governance, privacy, pubcrawl, resilience, Resiliency, security testing, SQL detection, SQL Injection, SQL Injection vulnerability, Test Data Generation |
Abstract | SQL injection is among the most dangerous vulnerabilities in web applications that allow attackers to bypass the authentication and access the application database. Security testing is one of the techniques required to detect the existence of SQL injection vulnerability in a web application. However, inadequate test data during testing can affect the effectiveness of security testing. Therefore, in this paper, the new algorithm is designed and developed by applying the Cartesian Product technique in order to generate a set of invalid test data automatically. A total of 624 invalid test data were generated in order to increase the detection rate of SQL injection vulnerability. Finally, the ideas obtained from our method are able to detect the vulnerability of SQL injection in a web application. |
DOI | 10.1109/CITSM47753.2019.8965339 |
Citation Key | awang_method_2019 |