Research On SQL Injection Vulnerability Detection Based On Combinatorial Testing

Posted on: 2018-08-09
Degree: Master
Type: Thesis
Country: China
Candidate: P Zhang
GTID: 2348330542490842
Subject: Engineering
Abstract/Summary:
Due to the rapid development of web applications, SQL injection has been a serious security threat for years. Many systems use blacklist filtering rules or filter functions to prevent SQL injection vulnerabilities, and the superposition of multiple rules can introduce greater latent risk. A penetration tester or an attacker will look for these potential vulnerabilities; however, existing automated SQL injection testing tools only handle some simple SQL injection vulnerabilities. When the target system has a filter function, human experience may be needed to judge, select and debug, so the vulnerability discovery process becomes very difficult. In this paper we present a new mutation method for SQL injection that uses combinatorial testing to guide test case mutation, making the mutation process more aggressive and automated. The paper explores the cause of SQL injection vulnerabilities with specific attack instances. Existing mutation operators for SQL injection test cases are summarized and classified. A test case generation algorithm based on mutation is proposed. To address multiple mutation and test case space expansion, an improved test case generation algorithm based on combinatorial testing is proposed. The algorithm improves the vulnerability coverage of test cases and reduces the test case space. Finally, a simulation platform is set up and simulation experiments are carried out; statistical analysis of the experimental data reflects the superiority of the method. The paper closes with some ideas for future work.
Keywords/Search Tags: SQL injection attack, vulnerability discovery, test case mutation, combinatorial testing