Behind an application firewall, are we safe from SQL injection attacks?

2015 IEEE 8th International Conference on Software Testing, Verification and Validation, ICST 2015 - Proceedings

Volumn , Issue , 2015, Pages

  Appelt, Dennis ^a   Nguyen, Cu D ^a   Briand, Lionel ^a  

^a UNIVERSITY OF LUXEMBOURG   (Luxembourg)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; NETWORK SECURITY; ONLINE SYSTEMS; SOFTWARE TESTING; VERIFICATION;

APPLICATION FIREWALLS; CYBER-ATTACKS; SQL INJECTION ATTACKS; WEB APPLICATION FIREWALLS; WEB-BASED APPLICATIONS;

COMPUTER SYSTEM FIREWALLS;

EID: 84935108505     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICST.2015.7102581     Document Type: Conference Paper

References (20)

1. E. Al-Shaer, A. El-Atawy, and T. Samak. Automated pseudo-live testing of firewall configuration enforcement. Selected Areas in Communications, IEEE Journal on, 27(3):302-314, 2009.
2. S. Anand, E. K. Burke, T. Y. Chen, J. Clark, M. B. Cohen, W. Grieskamp, M. Harman, M. J. Harrold, and P. McMinn. An orchestrated survey of methodologies for automated software test case generation. Journal of Systems and Software, 86(8):1978-2001, 2013.
3. N. Antunes, N. Laranjeiro, M. Vieira, and H. Madeira. Command injection vulnerability scanner for web services. http://eden. dei. uc. pt/ mvieira/.
4. N. Antunes, N. Laranjeiro, M. Vieira, and H. Madeira. Effective detection of SQL/XPath injection vulnerabilities in web services. In Proceedings of the 6th IEEE International Conference on Services Computing (SCC '09), pages 260-267, 2009.
5. D. Appelt, C. D. Nguyen, L. C. Briand, and N. Alshahwan. Automated testing for sql injection vulnerabilities: An input mutation approach. In Proceedings of the 2014 International Symposium on Software Testing and Analysis, ISSTA 2014, pages 259-269, New York, NY, USA, 2014. ACM.
6. W. Banzhaf, F. D. Francone, R. E. Keller, and P. Nordin. Genetic Programming: An Introduction: on the Automatic Evolution of Computer Programs and Its Applications. Morgan Kaufmann Publishers Inc., San Francisco, CA, USA, 1998.
7. T. Beery and N. Niv. Web application attack report, 2013.
8. A. D. Brucker, L. Brgger, P. Kearney, and B. Wolff. Verified firewall policy transformations for test case generation. In Software Testing, Verification and Validation (ICST), 2010 Third International Conference on, pages 345-354. IEEE, 2010.
9. J. Coffey, L. White, N. Wilde, and S. Simmons. Locating software features in a soa composite application. In Web Services (ECOWS), 2010 IEEE 8th European Conference on, pages 99-106, 2010.
10. M. Fossi and E. Johnson. Symantec global internet security threat report, volume xiv, 2009.
11. W. Halfond, J. Viegas, and A. Orso. A classification of sql-injection attacks and countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, pages 13-15, 2006.
12. M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, and I. H. Witten. The weka data mining software: An update. SIGKDD Explor. Newsl., 11(1):10-18, Nov. 2009.
13. T. K. Ho. The random subspace method for constructing decision forests. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 20(8):832-844, Aug 1998.
14. J. Hwang, T. Xie, F. Chen, and A. X. Liu. Systematic structural testing of firewall policies. In Reliable Distributed Systems, 2008. SRDS'08. IEEE Symposium on, pages 105-114. IEEE, 2008.
15. J. Jürjens and G. Wimmel. Specification-based testing of firewalls. In D. Bjørner, M. Broy, and A. Zamulin, editors, Perspectives of System Informatics, volume 2244 of Lecture Notes in Computer Science, pages 308-316. Springer Berlin Heidelberg, 2001.
16. H. Liu and H. B. Kuan Tan. Testing input validation in web applications through automated model recovery. Journal of Systems and Software, 81(2):222-233, 2008.
17. P. McMinn. Search-based software test data generation: a survey. Software Testing, Verification and Reliability, 14(2):105-156, 2004.
18. J. Offutt, Y. Wu, X. Du, and H. Huang. Bypass testing of web applications. In Software Reliability Engineering, 2004. ISSRE 2004. 15th International Symposium on, pages 187-197. IEEE, 2004.
19. D. Senn, D. Basin, and G. Caronni. Firewall conformance testing. In F. Khendek and R. Dssouli, editors, Testing of Communicating Systems, volume 3502 of Lecture Notes in Computer Science, pages 226-241. Springer Berlin Heidelberg, 2005.
20. S. Varrette, P. Bouvry, H. Cartiaux, and F. Georgatos. Management of an Academic HPC Cluster: The UL Experience. In Proc. of the 2014 Intl. Conf. on High Performance Computing & Simulation (HPCS 2014), pages 959-967, Bologna, Italy, July 2014. IEEE.