Assessing the impact of firewalls and database proxies on SQL injection testing

Abstract

This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the WAF itself to refine and evaluate its security rules and prioritise fixing vulnerabilities that are not protected by the WAF. We also propose using database proxies as oracles for black-box security testing instead of relying only on the output of the application under test. The paper also presents a case study of our proposed approaches on two sets of web services. The results indicate that testing through WAFs can be used to prioritise vulnerabilities and that an oracle that uses a database proxy finds more vulnerabilities with fewer tries than an oracle that relies only on the output of the application. © Springer International Publishing Switzerland 2014.

Appelt, D., Alshahwan, N., & Briand, L. (2014). Assessing the impact of firewalls and database proxies on SQL injection testing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8432 LNCS, pp. 32–47). Springer Verlag. https://doi.org/10.1007/978-3-319-07785-7_2