
ART4SQLi: The ART of SQL Injection Vulnerability Discovery

SQL injection (SQLi) is one of the chief threats to the security of database-driven Web applications. It can cause serious security issues such as authentication bypassing, privacy leakage, and arbitrary code execution. Dynamic testing techniques are used in SQLi vulnerability discovery, which de-fa...

Bibliographic Details
Published in: IEEE transactions on reliability 2019-12, Vol.68 (4), p.1470-1489
Main Authors: Zhang, Long, Zhang, Donghong, Wang, Chenghong, Zhao, Jing, Zhang, Zhenyu
Format: Article
Language: English
container_end_page 1489
container_issue 4
container_start_page 1470
container_title IEEE transactions on reliability
container_volume 68
creator Zhang, Long
Zhang, Donghong
Wang, Chenghong
Zhao, Jing
Zhang, Zhenyu
description SQL injection (SQLi) is one of the chief threats to the security of database-driven Web applications. It can cause serious security issues such as authentication bypassing, privacy leakage, and arbitrary code execution. Dynamic testing techniques are used in SQLi vulnerability discovery, which de-facto approach is to maintain a collection of elaborately designed user inputs (aka. attack payloads) and based on it to compose malicious SQL queries to Web applications. Such techniques are effective to reveal SQLi threats before an application is released, thus reducing the cost of manual analysis, monitoring or postdeployment of other defensive mechanisms. However, because of the diversity of SQLi attacks and the difficulty of SQLi discovery, the process to execute payloads can be costly, time-consuming, and even risky. In this paper, we approach from a test case prioritization perspective to give a more effective SQLi discovery proposal, which is based on adaptive random testing with the aim to successfully trigger an SQLi within limited attempts. To evaluate our method, we conduct an experiment using three extensively adopted open source vulnerable benchmarks. The experiment results indicate that our method ART4SQLi can effectively improve the conventional random testing approach on three common benchmarks by more than 26% in reducing the number of SQLi attempts before accomplishing a successful injection.
doi_str_mv 10.1109/TR.2019.2910285
format article
identifier ISSN: 0018-9529
ispartof IEEE transactions on reliability, 2019-12, Vol.68 (4), p.1470-1489
issn 0018-9529
1558-1721
language eng
source IEEE Electronic Library (IEL) Journals
subjects Adaptive random testing (ART)
Applications programs
attack payload
Authentication
Benchmarks
Cost analysis
Dynamic tests
Feature extraction
Payloads
Query languages
Security
SQL injection (SQLi)
Subspace constraints
Task analysis
test case prioritization
Testing
title ART4SQLi: The ART of SQL Injection Vulnerability Discovery