@inproceedings{f9b9e591e7b9486ca003711dba25ca14,
title = "Search-based {SQL} injection attacks testing using genetic programming",
abstract = "Software testing is a key phase of many development methodologies as it provides a natural opportunity for integrating security early in the software development lifecycle. However despite the known importance of software testing, this phase is often overlooked as it is quite difficult and labour-intensive to obtain test datasets to effectively test an application. This lack of adequate automatic software testing renders software applications vulnerable to malicious attacks after they are deployed as detected software vulnerabilities start having an impact during the production phase. Among such attacks are SQL injection attacks. Exploitation of SQL injection vulnerabilities by malicious programs could result in severe consequences such as breaches of confidentiality and false authentication. We present in this paper a search-based software testing technique to detect SQL injection vulnerabilities in software applications. This approach uses genetic programming as a means of generating our test datasets, which are then used to test applications for SQL injection-based vulnerabilities.",
keywords = "Genetic Programming, Search-Based Testing, SQL Injections",
author = "Aziz, {Benjamin Yowell Yousif} and Mohamed Bader-El-Den and Cerana Hippolyte",
year = "2016",
month = apr,
doi = "10.1007/978-3-319-30668-1_12",
language = "English",
isbn = "978-3-319-30667-4",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "183--198",
editor = "Heywood, {Malcolm I.} and James McDermott and Mauro Castelli and Ernesto Costa and Kevin Sim",
booktitle = "Proceedings of the 19th European Conference on Genetic Programming (EuroGP 2016)",
note = "19th European Conference on Genetic Programming ; Conference date: 30-03-2016 Through 01-04-2016",
}