@inproceedings{4151da900b1e479d88d062326cc8e788,
title = "Automated testing for SQL injection vulnerabilities: An input mutation approach",
abstract = "Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of attacks and exploitations like the Web. Among the attacks, those that target SQL injection vulnerabilities have consistently been top-ranked for the last years. Testing to detect such vulnerabilities before making web services public is crucial. We present in this paper an automated testing approach, namely μ4SQLi, and its underpinning set of mutation operators. μ4SQLi can produce effective inputs that lead to executable and harmful SQL statements. Executability is key as otherwise no injection vulnerability can be exploited. Our evaluation demonstrated that the approach is effective to detect SQL injection vulnerabilities and to produce inputs that bypass application firewalls, which is a common configuration in real world.",
keywords = "Mutation testing, SQL injection, Test generation",
author = "Dennis Appelt and Nguyen, {Cu Duy} and Briand, {Lionel C.} and Nadia Alshahwan",
note = "Publisher Copyright: Copyright 2014 ACM.; 23rd International Symposium on Software Testing and Analysis, ISSTA 2014 ; Conference date: 21-07-2014 Through 25-07-2014",
year = "2014",
month = jul,
day = "21",
doi = "10.1145/2610384.2610403",
language = "English",
series = "2014 International Symposium on Software Testing and Analysis, ISSTA 2014 - Proceedings",
publisher = "Association for Computing Machinery, Inc",
pages = "259--269",
booktitle = "2014 International Symposium on Software Testing and Analysis, ISSTA 2014 - Proceedings",
}