Automated test input generation for detecting SQL injection vulnerability using set theory concept

Abstract

The use of web application has grown rapidly due to the change in lifestyle in doing business, daily activities and social life. E-commerce, E-banking, E-book, social applications and much more are among the examples of web applications. However, at the same time, the number of vulnerabilities existing in the web application has increased as well. SQL injection is among the most dangerous vulnerabilities in web applications that allow attackers to bypass the authentication and access the application database. Security testing is one of the techniques required to detect the existence of SQL injection vulnerability in a web application. However, inadequate test input during testing can affect the effectiveness of security testing. Therefore, the generation of test input is formulated by applying the Cartesian product in set theory concept to detect SQL injection vulnerability. The ideas obtained from our method will generate a set of test inputs automatically and able to exploit SQL injection vulnerability.