Assessing the impact of firewalls and database proxies on SQL injection testing

Dennis Appelt, Nadia Alshahwan, Lionel Briand

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the WAF itself to refine and evaluate its security rules and prioritise fixing vulnerabilities that are not protected by the WAF. We also propose using database proxies as oracles for black-box security testing instead of relying only on the output of the application under test. The paper also presents a case study of our proposed approaches on two sets of web services. The results indicate that testing through WAFs can be used to prioritise vulnerabilities and that an oracle that uses a database proxy finds more vulnerabilities with fewer tries than an oracle that relies only on the output of the application.

Original language: English
Title of host publication: Future Internet Testing - First International Workshop, FITTEST 2013, Revised Selected Papers
Publisher: Springer Verlag
Pages: 32-47
Number of pages: 16
ISBN (Print): 9783319077840
DOIs
Publication status: Published - 2014
Externally published: Yes
Event: 1st International Workshop on Future Internet Testing, FITTEST 2013 - Istanbul, Turkey
Duration: 12 Nov 2013 - 12 Nov 2013

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8432 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 1st International Workshop on Future Internet Testing, FITTEST 2013
Country/Territory: Turkey
City: Istanbul
Period: 12/11/13 - 12/11/13

Keywords

  • Blackbox testing
  • SQL injections
  • Web services
