Automated Test Input Generation for Detecting SQL Injection Vulnerability using Set Theory Concept
Nor Fatimah Awang1, Azizah Abd Manaf2, Ahmad Dahari Jarno3
1Nor Fatimah Awang, Faculty of Defence Science and Technology, National Defence University of Malaysia, Kuala Lumpur, Malaysia.
2Azizah Abd Manaf, Advanced Informatics School (UTM AIS), UTM International Campus, Kuala Lumpur, Malaysia.
3Ahmad Dahari Jarno, Cyber Security Malaysia, Level, SAPURA @MINES, Seri Kembangan, Selangor, Malaysia.
Manuscript received on 21 August 2019 | Revised Manuscript received on 11 September 2019 | Manuscript Published on 17 September 2019 | PP: 1378-1381 | Volume-8 Issue-2S8 August 2019 | Retrieval Number: B10700882S819/2019©BEIESP | DOI: 10.35940/ijrte.B1070.0882S819
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The use of web applications has grown rapidly due to changes in how people do business, carry out daily activities and conduct their social lives. E-commerce, e-banking, e-books, social applications and many more are among the examples of web applications. At the same time, however, the number of vulnerabilities in web applications has increased as well. SQL injection is among the most dangerous vulnerabilities in web applications; it allows attackers to bypass authentication and access the application database. Security testing is one of the techniques required to detect the existence of SQL injection vulnerabilities in a web application. However, inadequate test input during testing can reduce the effectiveness of security testing. Therefore, test input generation is formulated by applying the Cartesian product from set theory to detect SQL injection vulnerabilities. Our method generates a set of test inputs automatically, and these inputs are able to exploit SQL injection vulnerabilities.
Keywords: Test Input Generation, SQL Injection Vulnerability, Security Testing.
Scope of the Article: Next Generation Internet & Web Architectures
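The idea in the abstract, sketched as an added example that is not the authors' code: test inputs are formed as the Cartesian product of small component sets and run against a login check on an in-memory SQLite database. The component sets, the table and the function names are assumptions made for illustration; the paper's actual sets are not given on this page.

```python
import itertools
import sqlite3

# Constructed component sets (assumed for illustration, not taken from the paper).
PREFIX = ["", "x"]
QUOTE = ["'", '"']
OPERATOR = [" OR ", " AND "]
CONDITION = ["1=1", "'a'='a"]
SUFFIX = ["", " --"]
SETS = [PREFIX, QUOTE, OPERATOR, CONDITION, SUFFIX]

def generate_inputs():
    """Test inputs = PREFIX x QUOTE x OPERATOR x CONDITION x SUFFIX."""
    return ["".join(parts) for parts in itertools.product(*SETS)]

def make_db():
    """Throwaway in-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, name, password):
    """Deliberately vulnerable target: query built by string concatenation."""
    sql = ("SELECT COUNT(*) FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    try:
        return db.execute(sql).fetchone()[0] > 0
    except sqlite3.Error:
        return False  # malformed SQL counts as a failed login

def login_param(db, name, password):
    """Hardened target: the same check with bound parameters."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

def run_tests(login):
    """Return every generated input that is accepted as alice's password."""
    db = make_db()
    return [p for p in generate_inputs() if login(db, "alice", p)]

if __name__ == "__main__":
    print(len(generate_inputs()), "inputs generated")
    print("concatenated query accepts:", run_tests(login_concat))
    print("parameterized query accepts:", run_tests(login_param))
```

Inputs that break the query's syntax are counted as failed logins here; a fuller harness would record SQL errors separately, since they also indicate unsanitized input reaching the query.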