Model Based Web Application Second-Order SQL Injection Test Suite Generation
Author:
Funding: National Natural Science Foundation of China (61672085)

Abstract:

SQL injection has long been one of the main threats to Web application security. Second-order SQL injection vulnerabilities are more subtle and more destructive than first-order ones, and detecting them usually depends on the tester's prior knowledge and experience. At present there is no effective method for detecting them in a black-box testing scenario, where source code information is unavailable. Using the idea of model-based test case generation, this study proposes a test suite generation method based on a client behavior model (CBMTG) to produce a test suite capable of detecting second-order SQL injection vulnerabilities in Web applications. CBMTG first establishes the mapping between transitions and SQL statements by executing an initial test suite. It then establishes the topological relationship between transitions through field analysis of the SQL statements. Finally, it generates the final test suite under the guidance of that topological relationship. The experimental results show that the method performs better in most Web applications than the state-of-the-art second-order SQL injection vulnerability detection methods.

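Cite this article

You Feng, Wang Weiyang, Shang Ying. Model Based Web Application Second-Order SQL Injection Test Suite Generation. Computer Systems & Applications, 2020, 29(8): 144-151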

History
  • Received: 2019-12-21
  • Last revised: 2020-01-19
  • Published online: 2020-07-31
  • Publication date: 2020-08-15