An algorithm for detecting SQL injection vulnerability using black-box testing

Bibliographic Details
Published in Journal of ambient intelligence and humanized computing, Vol. 11, no. 1, pp. 249-266
Main Authors Aliero, Muhammad Saidu; Ghani, Imran; Qureshi, Kashif Naseer; Rohani, Mohd Fo’ad
Format Journal Article
Language English
Published Berlin/Heidelberg, Springer Berlin Heidelberg, 01.01.2020
Springer Nature B.V

Abstract SQL Injection Attack (SQLIA) is one of the most severe attacks that can be used against database-driven web applications. Attackers use SQLIA to obtain unauthorized access and perform unauthorized data modifications due to initial improper input validation by the web application developer. Various studies have shown that, on average, 64% of web applications worldwide are vulnerable to SQLIA due to improper input. To mitigate the devastating problem of SQLIA, this research proposes automatic black-box testing for SQL Injection Vulnerability (SQLIV). This acts to automate an SQLIV assessment in SQLIA. In addition, recent studies have shown that there is a need for improving the effectiveness of existing SQLIVS in order to reduce the cost of manual inspection of vulnerabilities and the risk of being attacked due to inaccurate false negative and false positive results. This research focuses on improving the effectiveness of SQLIVS by proposing an object-oriented approach in its development in order to help minimize the incidence of false positive and false negative results, as well as to provide room for potential researchers to improve the proposed scanner. To test and validate the accuracy of the research work, three vulnerable web applications were developed. Each possesses a different type of vulnerability, and an experimental evaluation was used to validate the proposed scanner. In addition, an analytical evaluation is used to compare the proposed scanner with the existing academic scanners. The result of the experimental analysis shows significant improvement by achieving high accuracy compared to existing studies. Similarly, the analytical evaluations showed that the proposed scanner is capable of analyzing the attacked page response using four different techniques.
Author affiliations
Aliero, Muhammad Saidu: School of Information Technology, Monash University
Ghani, Imran: Indiana University of Pennsylvania
Qureshi, Kashif Naseer (ORCID 0000-0003-3045-8402; kashifnq@gmail.com): Department of Computer Science, Bahria University
Rohani, Mohd Fo’ad: Faculty of Computing, Universiti Teknologi
Copyright Springer-Verlag GmbH Germany, part of Springer Nature 2019
DOI 10.1007/s12652-019-01235-z
Discipline Engineering
EISSN 1868-5145
ISSN 1868-5137
Keywords Black box testing
SQL injection
SQL injection vulnerability
SQLI vulnerability scanner
SQL injection attack
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c367t-798b545d72c690d7bcc99b24770a053acd9d919d7b83215b0f8fee47fa64f8903
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0003-3045-8402
PQID 2919455189
PQPubID 2043913
PageCount 18
ParticipantIDs proquest_journals_2919455189
crossref_citationtrail_10_1007_s12652_019_01235_z
crossref_primary_10_1007_s12652_019_01235_z
springer_journals_10_1007_s12652_019_01235_z
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 20200100
2020-1-00
20200101
PublicationDateYYYYMMDD 2020-01-01
PublicationDate_xml – month: 1
  year: 2020
  text: 20200100
PublicationDecade 2020
PublicationPlace Berlin/Heidelberg
PublicationPlace_xml – name: Berlin/Heidelberg
– name: Heidelberg
PublicationTitle Journal of ambient intelligence and humanized computing
PublicationTitleAbbrev J Ambient Intell Human Comput
PublicationYear 2020
Publisher Springer Berlin Heidelberg
Springer Nature B.V
Publisher_xml – name: Springer Berlin Heidelberg
– name: Springer Nature B.V
References KirazMSA comprehensive meta-analysis of cryptographic security mechanisms for cloud computingJ Ambient Intell Hum Comput20167573176010.1007/s12652-016-0385-0
Agosta G, Barenghi A, Parata A, Pelosi G (2012) Automated security analysis of dynamic web applications through symbolic code execution. In: Information Technology: new generations (ITNG), 2012 ninth international conference on, IEEE
Nikto (2019) Nikto. https://sectools.org/tool/nikto/. Accessed 2019
OuchaniSLenziniGGenerating attacks in SysML activity diagrams by detecting attack surfacesJ Ambient Intell Hum Comput20156336137310.1007/s12652-015-0269-8
Antunes N, Vieira M (2011) Enhancing penetration testing with attack signatures and interface monitoring for the detection of injection vulnerabilities in web services. In: Services computing (SCC), 2011 IEEE international conference on, IEEE
Bau J, Bursztein E, Gupta D, Mitchell J (2010) State of the art: automated black-box web application vulnerability testing. In: Security and privacy (SP), 2010 IEEE symposium on, IEEE
Zhang X-h, Wang Z-j (2010) Notice of retraction a static analysis tool for detecting web application injection vulnerabilities for asp program. In: e-Business and information system security (EBISS), 2010 2nd international conference on, IEEE
Liban A, Hilles SM (2014) Enhancing Mysql Injector vulnerability checker tool (Mysql Injector) using inference binary search algorithm for blind timing-based attack. In: Control and system graduate research Colloquium (ICSGRC), 2014 IEEE 5th, IEEE
Qureshi KN, Bashir F, Abdullah AH (2017a) Real time traffic density aware road based forwarding method for vehicular ad hoc networks. In: Wireless and mobile networking conference (WMNC), 2017 10th IFIP, IEEE
Antunes N, Vieira M (2012) Evaluating and improving penetration testing in web services. In: Software reliability engineering (ISSRE), 2012 IEEE 23rd international symposium on, IEEE
AntunesNVieiraMAssessing and comparing vulnerability detection tools for web services: Benchmarking approach and examplesIEEE Trans Serv Comput20158226928310.1109/TSC.2014.2310221
Liu A, Yuan Y, Wijesekera D, Stavrou A (2009) SQLProb: a proxy-based architecture towards preventing SQL injection attacks. In: Proceedings of the 2009 ACM symposium on applied computing, ACM
Vega Subgraph (2019) https://subgraph.com/vega/. Accessed 2019
Hassan M, Sarker K, Biswas S, Sharif M (2017) Detection of Wordpress content injection vulnerability. arXiv:1711.02447
LanginCRahimiSSoft computing in intrusion detection: the state of the artJ Ambient Intell Hum Comput20101213314510.1007/s12652-010-0012-4
YangQLiJJWeissDMA survey of coverage-based testing toolsComput J200952558959710.1093/comjnl/bxm021
Antunes N, Vieira M (2009) Detecting SQL injection vulnerabilities in web services. In: Dependable computing, 2009. LADC’09. Fourth Latin-American symposium on, IEEE
AlieroMSGhaniIZainuddenSKhanMMBelloMReview on SQL injection protection methods and toolsJurnal Teknologi201577134966
PlantevinVBouzouaneABouchardBGabourySTowards a more reliable and scalable architecture for smart home environmentsJ Ambient Intell Hum Comput20182018112
Kumar P, Pateriya R (2013) DWVP: detection of web application vulnerabilities using parameters of web form. In; Proceedings of joint international conferences on CIIT
ChoY-CPanJ-YDesign and implementation of website information disclosure assessment systemPloS One2015103e011718010.1371/journal.pone.0117180
QureshiKNAbdullahAHKaiwartyaOIqbalSButtRABashirFA dynamic congestion control scheme for safety applications in vehicular ad hoc networksComput Electr Eng201772774788
Livshits VB, Lam MS (2005) Finding security vulnerabilities in java applications with static analysis. In: USENIX security symposium
Acunetix (2013) Accunetix vulnerability scanner
Djuric Z (2013) A black-box testing tool for detecting SQL injection vulnerabilities. In: Informatics and applications (ICIA), 2013 second international conference on, IEEE
TillmannNDe HalleuxJPex–white box test generation for. net. International conference on tests and proofs2008BerlinSpringer
IBM (2013) IBM web application scanner
Chen J-M, Wu C-L (2010) An automated vulnerability scanner for injection attack based on injection point. In: Computer symposium (ICS), 2010 international, IEEE
Ciampa A, Visaggio CA, Di Penta M (2010) A heuristic-based approach for detecting SQL-injection vulnerabilities in Web applications. In: Proceedings of the 2010 ICSE workshop on software engineering for secure systems, ACM
HuangY-WTsaiC-HLinT-PHuangS-KLeeDKuoS-YA testing framework for Web application security assessmentComput Netw200548573976110.1016/j.comnet.2005.01.003
QureshiKNAbdullahAHLocalization-based system challenges in vehicular ad hoc networks: surveySmartCR201446515528
Shar LK, Tan HBK (2012) Predicting common web application vulnerabilities from input validation and sanitization code patterns. In: Automated software engineering (ASE), 2012 proceedings of the 27th IEEE/ACM international conference on, IEEE
Van Rijsbergen C (1979) Information retrieval. Dept. of computer science, University of Glasgow. citeseer.ist.psu.edu/vanrijsbergen79information.html. Accessed 2019
ShakhatrehAYISQL-injection vulnerability scanner using automatic creation of SQL-injection attacks (MySqlinjector)2010ChanglunUniversiti Utara Malaysia
Web Application Security Consortium (2019) http://www.webappsec.org. Accessed 2019
Antunes N, Vieira M (2010) Benchmarking vulnerability detection tools for web services. In: Web services (ICWS), 2010 IEEE international conference on, IEEE
Wapiti (2019) http://wapiti.sourceforge.net/. Accessed 2019
Shin Y, Williams L, Xie T (2006) Sqlunitgen: Sql injection testing using static and dynamic analysis. In: Supplemental proc. 17th IEEE international conference on software reliability engineering
Singh AK, Roy S (2012) A network based vulnerability scanner for detecting sqli attacks in web applications. In: Recent advances in information technology (RAIT), 2012 1st international conference on, IEEE
Zhang L, Gu Q, Peng S, Chen X, Zhao H, Chen D (2010) D-WAV: a web application vulnerabilities detection tool using Characteristics of Web Forms. In: Software engineering advances (ICSEA), 2010 fifth international conference on, IEEE
Huang Y-W, Yu F, Hang C, Tsai C-H, Lee D-T, Kuo S-Y (2004) Securing web application code by static analysis and runtime protection. In: Proceedings of the 13th international conference on World Wide Web, ACM
Imperva (2014) Web application attack report #5
Michael C (2005) Black box security testing tools
Scott D, Sharp R (2002) Abstracting application-level web security. In: Proceedings of the 11th international conference on World Wide Web, ACM
Appelt D, Nguyen CD, Briand LC, Alshahwan N (2014) Automated testing for SQL injection vulnerabilities: an input mutation approach. In: Proceedings of the 2014 international symposium on software testing and analysis, ACM
Zap by Open web application security project(OWASP) (2019) https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project. Accessed 2019
CheonEHHuangZLeeYSPreventing SQL injection attack based on machine learningInt J Adv Comput Technol201359967974
AlShahwanFFaisalMAnsaGSecurity framework for RESTful mobile cloud computing Web servicesJ Ambient Intell Hum Comput20167564965910.1007/s12652-015-0308-5
Kals S, Kirda E, Kruegel C, Jovanovic N (2006) Secubat: a web vulnerability scanner. In: Proceedings of the 15th international conference on World Wide Web, ACM
1235_CR8
1235_CR7
1235_CR6
1235_CR5
1235_CR2
1235_CR1
AYI Shakhatreh (1235_CR37) 2010
1235_CR49
1235_CR45
1235_CR48
V Plantevin (1235_CR32) 2018; 2018
1235_CR47
1235_CR42
1235_CR44
1235_CR43
1235_CR40
MS Kiraz (1235_CR23) 2016; 7
Y-C Cho (1235_CR14) 2015; 10
Q Yang (1235_CR46) 2009; 52
Y-W Huang (1235_CR19) 2005; 48
1235_CR39
1235_CR38
1235_CR34
1235_CR36
1235_CR30
N Tillmann (1235_CR41) 2008
MS Aliero (1235_CR3) 2015; 77
1235_CR28
C Langin (1235_CR25) 2010; 1
1235_CR27
EH Cheon (1235_CR13) 2013; 5
1235_CR29
1235_CR24
1235_CR26
1235_CR20
N Antunes (1235_CR9) 2015; 8
1235_CR22
1235_CR21
S Ouchani (1235_CR31) 2015; 6
F AlShahwan (1235_CR4) 2016; 7
1235_CR17
1235_CR16
1235_CR18
1235_CR12
1235_CR15
KN Qureshi (1235_CR33) 2014; 4
KN Qureshi (1235_CR35) 2017; 72
1235_CR11
1235_CR10
References_xml – reference: Kumar P, Pateriya R (2013) DWVP: detection of web application vulnerabilities using parameters of web form. In; Proceedings of joint international conferences on CIIT
– reference: Shin Y, Williams L, Xie T (2006) Sqlunitgen: Sql injection testing using static and dynamic analysis. In: Supplemental proc. 17th IEEE international conference on software reliability engineering
– reference: OuchaniSLenziniGGenerating attacks in SysML activity diagrams by detecting attack surfacesJ Ambient Intell Hum Comput20156336137310.1007/s12652-015-0269-8
– reference: Hassan M, Sarker K, Biswas S, Sharif M (2017) Detection of Wordpress content injection vulnerability. arXiv:1711.02447
– reference: Imperva (2014) Web application attack report #5
– reference: Web Application Security Consortium (2019) http://www.webappsec.org. Accessed 2019
– reference: Zap by Open web application security project(OWASP) (2019) https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project. Accessed 2019
– reference: Scott D, Sharp R (2002) Abstracting application-level web security. In: Proceedings of the 11th international conference on World Wide Web, ACM
– reference: Zhang L, Gu Q, Peng S, Chen X, Zhao H, Chen D (2010) D-WAV: a web application vulnerabilities detection tool using Characteristics of Web Forms. In: Software engineering advances (ICSEA), 2010 fifth international conference on, IEEE
– reference: Bau J, Bursztein E, Gupta D, Mitchell J (2010) State of the art: automated black-box web application vulnerability testing. In: Security and privacy (SP), 2010 IEEE symposium on, IEEE
– reference: AlieroMSGhaniIZainuddenSKhanMMBelloMReview on SQL injection protection methods and toolsJurnal Teknologi201577134966
– reference: Liban A, Hilles SM (2014) Enhancing Mysql Injector vulnerability checker tool (Mysql Injector) using inference binary search algorithm for blind timing-based attack. In: Control and system graduate research Colloquium (ICSGRC), 2014 IEEE 5th, IEEE
– reference: PlantevinVBouzouaneABouchardBGabourySTowards a more reliable and scalable architecture for smart home environmentsJ Ambient Intell Hum Comput20182018112
– reference: CheonEHHuangZLeeYSPreventing SQL injection attack based on machine learningInt J Adv Comput Technol201359967974
– reference: KirazMSA comprehensive meta-analysis of cryptographic security mechanisms for cloud computingJ Ambient Intell Hum Comput20167573176010.1007/s12652-016-0385-0
– reference: Antunes N, Vieira M (2011) Enhancing penetration testing with attack signatures and interface monitoring for the detection of injection vulnerabilities in web services. In: Services computing (SCC), 2011 IEEE international conference on, IEEE
– reference: QureshiKNAbdullahAHKaiwartyaOIqbalSButtRABashirFA dynamic congestion control scheme for safety applications in vehicular ad hoc networksComput Electr Eng201772774788
– reference: QureshiKNAbdullahAHLocalization-based system challenges in vehicular ad hoc networks: surveySmartCR201446515528
– reference: Antunes N, Vieira M (2012) Evaluating and improving penetration testing in web services. In: Software reliability engineering (ISSRE), 2012 IEEE 23rd international symposium on, IEEE
– reference: Appelt D, Nguyen CD, Briand LC, Alshahwan N (2014) Automated testing for SQL injection vulnerabilities: an input mutation approach. In: Proceedings of the 2014 international symposium on software testing and analysis, ACM
– reference: Agosta G, Barenghi A, Parata A, Pelosi G (2012) Automated security analysis of dynamic web applications through symbolic code execution. In: Information Technology: new generations (ITNG), 2012 ninth international conference on, IEEE
– reference: Wapiti (2019) http://wapiti.sourceforge.net/. Accessed 2019
– reference: Nikto (2019) Nikto. https://sectools.org/tool/nikto/. Accessed 2019
– reference: Shar LK, Tan HBK (2012) Predicting common web application vulnerabilities from input validation and sanitization code patterns. In: Automated software engineering (ASE), 2012 proceedings of the 27th IEEE/ACM international conference on, IEEE
– reference: LanginCRahimiSSoft computing in intrusion detection: the state of the artJ Ambient Intell Hum Comput20101213314510.1007/s12652-010-0012-4
– reference: Vega Subgraph (2019) https://subgraph.com/vega/. Accessed 2019
– reference: TillmannNDe HalleuxJPex–white box test generation for. net. International conference on tests and proofs2008BerlinSpringer
– reference: YangQLiJJWeissDMA survey of coverage-based testing toolsComput J200952558959710.1093/comjnl/bxm021
– reference: HuangY-WTsaiC-HLinT-PHuangS-KLeeDKuoS-YA testing framework for Web application security assessmentComput Netw200548573976110.1016/j.comnet.2005.01.003
– reference: Singh AK, Roy S (2012) A network based vulnerability scanner for detecting sqli attacks in web applications. In: Recent advances in information technology (RAIT), 2012 1st international conference on, IEEE
– reference: Antunes N, Vieira M (2010) Benchmarking vulnerability detection tools for web services. In: Web services (ICWS), 2010 IEEE international conference on, IEEE
– reference: Chen J-M, Wu C-L (2010) An automated vulnerability scanner for injection attack based on injection point. In: Computer symposium (ICS), 2010 international, IEEE
– reference: Van Rijsbergen C (1979) Information retrieval. Dept. of computer science, University of Glasgow. citeseer.ist.psu.edu/vanrijsbergen79information.html. Accessed 2019
– reference: AlShahwanFFaisalMAnsaGSecurity framework for RESTful mobile cloud computing Web servicesJ Ambient Intell Hum Comput20167564965910.1007/s12652-015-0308-5
– reference: AntunesNVieiraMAssessing and comparing vulnerability detection tools for web services: Benchmarking approach and examplesIEEE Trans Serv Comput20158226928310.1109/TSC.2014.2310221
– reference: Acunetix (2013) Accunetix vulnerability scanner
– reference: Huang Y-W, Yu F, Hang C, Tsai C-H, Lee D-T, Kuo S-Y (2004) Securing web application code by static analysis and runtime protection. In: Proceedings of the 13th international conference on World Wide Web, ACM
– reference: Kals S, Kirda E, Kruegel C, Jovanovic N (2006) Secubat: a web vulnerability scanner. In: Proceedings of the 15th international conference on World Wide Web, ACM
– reference: Michael C (2005) Black box security testing tools
– reference: ChoY-CPanJ-YDesign and implementation of website information disclosure assessment systemPloS One2015103e011718010.1371/journal.pone.0117180
– reference: Qureshi KN, Bashir F, Abdullah AH (2017a) Real time traffic density aware road based forwarding method for vehicular ad hoc networks. In: Wireless and mobile networking conference (WMNC), 2017 10th IFIP, IEEE
– reference: Liu A, Yuan Y, Wijesekera D, Stavrou A (2009) SQLProb: a proxy-based architecture towards preventing SQL injection attacks. In: Proceedings of the 2009 ACM symposium on applied computing, ACM
– reference: Livshits VB, Lam MS (2005) Finding security vulnerabilities in java applications with static analysis. In: USENIX security symposium
– reference: Djuric Z (2013) A black-box testing tool for detecting SQL injection vulnerabilities. In: Informatics and applications (ICIA), 2013 second international conference on, IEEE
– reference: Zhang X-h, Wang Z-j (2010) Notice of retraction a static analysis tool for detecting web application injection vulnerabilities for asp program. In: e-Business and information system security (EBISS), 2010 2nd international conference on, IEEE
– reference: Antunes N, Vieira M (2009) Detecting SQL injection vulnerabilities in web services. In: Dependable computing, 2009. LADC’09. Fourth Latin-American symposium on, IEEE
– reference: ShakhatrehAYISQL-injection vulnerability scanner using automatic creation of SQL-injection attacks (MySqlinjector)2010ChanglunUniversiti Utara Malaysia
– reference: IBM (2013) IBM web application scanner
– reference: Ciampa A, Visaggio CA, Di Penta M (2010) A heuristic-based approach for detecting SQL-injection vulnerabilities in Web applications. In: Proceedings of the 2010 ICSE workshop on software engineering for secure systems, ACM
– volume: 8
  start-page: 269
  issue: 2
  year: 2015
  ident: 1235_CR9
  publication-title: IEEE Trans Serv Comput
  doi: 10.1109/TSC.2014.2310221
– ident: 1235_CR17
– ident: 1235_CR42
– volume: 52
  start-page: 589
  issue: 5
  year: 2009
  ident: 1235_CR46
  publication-title: Comput J
  doi: 10.1093/comjnl/bxm021
– ident: 1235_CR11
  doi: 10.1109/SP.2010.27
– ident: 1235_CR22
  doi: 10.1145/1135777.1135817
– ident: 1235_CR15
  doi: 10.1145/1809100.1809107
– volume: 72
  start-page: 774788
  year: 2017
  ident: 1235_CR35
  publication-title: Comput Electr Eng
– ident: 1235_CR8
  doi: 10.1109/ISSRE.2012.26
– ident: 1235_CR48
  doi: 10.1109/EBISS.2010.5473561
– ident: 1235_CR26
  doi: 10.1109/ICSGRC.2014.6908694
– volume: 2018
  start-page: 1
  year: 2018
  ident: 1235_CR32
  publication-title: J Ambient Intell Hum Comput
– ident: 1235_CR47
– ident: 1235_CR36
  doi: 10.1145/511446.511498
– ident: 1235_CR27
StartPage 249
SubjectTerms Algorithms
Applications programs
Artificial Intelligence
Black boxes
Computational Intelligence
Effectiveness
Engineering
Java
Original Research
Queries
Query languages
Robotics and Automation
Scanners
Semantics
Syntax
User Interfaces and Human Computer Interaction
Title An algorithm for detecting SQL injection vulnerability using black-box testing
URI https://link.springer.com/article/10.1007/s12652-019-01235-z
https://www.proquest.com/docview/2919455189
Volume 11