Search-based SQL injection attacks testing using genetic programming

Research output: Chapter in Book/Report/Conference proceedingConference contribution

215 Downloads (Pure)

Abstract

Software testing is a key phase of many development methodologies as it provides a natural opportunity for integrating security early in the software development lifecycle. However despite the known importance of software testing, this phase is often overlooked as it is quite difficult and labour-intensive to obtain test datasets to effectively test an application. This lack of adequate automatic software testing renders software applications vulnerable to malicious attacks after they are deployed as detected software vulnerabilities start having an impact during the production phase. Among such attacks are SQL injection attacks. Exploitation of SQL injection vulnerabilities by malicious programs could result in severe consequences such as breaches of confidentiality and false authentication. We present in this paper a search-based software testing technique to detect SQL injection vulnerabilities in software applications. This approach uses genetic programming as a means of generating our test datasets, which are then used to test applications for SQL injection-based vulnerabilities.
Original languageEnglish
Title of host publicationProceedings of the 19th European conference on genetic programming (EuroGP 2016)
EditorsMalcom I. Heywood, James McDermott, Mauro Castelli, Ernesto Costa, Kevin Sim
PublisherSpringer
Pages183-198
ISBN (Electronic)978-3-319-30668-1
ISBN (Print)978-3-319-30667-4
DOIs
Publication statusPublished - Apr 2016
Event19th European Conference on Genetic Programming - Porto, Portugal
Duration: 30 Mar 20161 Apr 2016

Publication series

NameLecture Notes in Computer Science
Volume9594
ISSN (Print)0302-9743

Conference

Conference19th European Conference on Genetic Programming
Country/TerritoryPortugal
CityPorto
Period30/03/161/04/16

Keywords

  • Genetic Programming
  • Search-Based Testing
  • SQL Injections

Fingerprint

Dive into the research topics of 'Search-based SQL injection attacks testing using genetic programming'. Together they form a unique fingerprint.

Cite this