PSIAQOP: preventing SQL injection attacks based on query optimization process
Proceedings of the Second Kuwait Conference on e-Services and e-Systems
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
idMAS-SQL: Intrusion Detection Based on MAS to Detect and Block SQL injection through data mining
Information Sciences: an International Journal
SQL injection attacks with the AMPA suite
International Journal of Electronic Security and Digital Forensics
Hi-index | 0.01 |
Our research objective is to facilitate the identification of true input manipulation vulnerabilities via the combination of static analysis, runtime detection, and automatic testing. We propose an approach for SQL injection vulnerability detection, automated by a prototype tool SQLInjectionGen. We performed case studies on two small web applications for the evaluation of our approach compared to static analysis for identifying true SQL injection vulnerabilities. In our case study, SQLInjectionGen had no false positives, but had a small number of false negatives while the static analysis tool had a false positive for every vulnerability that was actually protected by a white or black list.