A Rejection-Based Approach for Detecting SQL Injection Vulnerabilities in Web Applications | SpringerLink
Skip to main content
Springer Nature Link
Log in

A Rejection-Based Approach for Detecting SQL Injection Vulnerabilities in Web Applications

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12056))

Included in the following conference series:

Abstract

According to OWASP top10 Application Security Risks [8, 9] SQL injection (SQLi) remains the most dangerous and most commonly exploited vulnerability in web applications. Thus, a lot of attentions are devoted by the scientific community for the development of SQLi verification tools. In this paper we focus on the development of an efficient, black box, SQLi vulnerability scanner to achieve an accurate detection. Our new approach is based on the use of structural similarity between rejection pages and their corresponding injection pages. A software prototype has been implemented and showed promising results as compared to well-known web application scanners.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Acunetix: Acunetix scanner. https://www.acunetix.com/vulnerability-scanner. Accessed 21 June 2019

  2. Acunetix-acuart: testphp. http://testphp.vulnweb.com. Accessed 21 June 2019

  3. Aliero, M.S., Ghani, I., Qureshi, K.N., Rohani, M.F.: An algorithm for detecting SQL injection vulnerability using black-box testing. J. Ambient Intell. Humaniz. Comput. 11(1), 249–266 (2019). https://doi.org/10.1007/s12652-019-01235-z

    Article  Google Scholar 

  4. Djuric, Z.: A black-box testing tool for detecting SQL injection vulnerabilities. In: Second International Conference on Informatics Applications (ICIA), pp. 216–221, September 2013. https://doi.org/10.1109/ICoIA.2013.6650259

  5. GitHub: SQLi scanner. https://github.com/lalia-dz/SQLiScanner. Accessed 22 Oct 2019

  6. GitHub: XVWA. https://github.com/s4n7h0/xvwa. Accessed 26 Oct 2019

  7. HackThisSite. https://www.hackthissite.org/missions/realistic. Accessed 21 June 2019

  8. OWASP: OWASP\_Top10\_2017. https://www.owasp.org/index.php/Top_10-2017_Top_10. Accessed 21 June 2019

  9. OWASP: Top\_10\_2013. https://www.owasp.org/index.php/Top_10_2013-Top_10. Accessed 21 June 2019

  10. OWASP: ZAP scanner. https://www.zaproxy.org

  11. W3af: w3af framework. http://w3af.org. Accessed 21 June 2019

Download references

Author information

Authors and Affiliations

  1. Mohamed Boudiaf University, Msila, Algeria

    Lalia Saoudi & Younes Boudraa

  2. Université du Québec en Outaouais, Gatineau, Canada

    Kamel Adi

Authors
  1. Lalia Saoudi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kamel Adi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Younes Boudraa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lalia Saoudi .

Editor information

Editors and Affiliations

  1. Université Paul Sabatier (CNRS IRIT), Toulouse, France

    Abdelmalek Benzekri

  2. Carleton University, Ottawa, ON, Canada

    Michel Barbeau

  3. University of Waterloo, Waterloo, ON, Canada

    Guang Gong

  4. Université Paul Sabatier (CNRS IRIT), Toulouse, France

    Romain Laborde

  5. Telecom SudParis, IMT, Palaiseau, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Saoudi, L., Adi, K., Boudraa, Y. (2020). A Rejection-Based Approach for Detecting SQL Injection Vulnerabilities in Web Applications. In: Benzekri, A., Barbeau, M., Gong, G., Laborde, R., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2019. Lecture Notes in Computer Science(), vol 12056. Springer, Cham. https://doi.org/10.1007/978-3-030-45371-8_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-45371-8_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-45370-1

  • Online ISBN: 978-3-030-45371-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation