An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection

@article{Khoury2011AnAO,
  title={An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection},
  author={Nidal Khoury and Pavol Zavarsky and Dale Lindskog and Ron Ruhl},
  journal={2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing},
  year={2011},
  pages={1095-1101}
}
Web application security scanners are a compilation of various automated tools put together and used to detect security vulnerabilities in web applications. Recent research has shown that detecting stored SQL injection, one of the most critical web application vulnerabilities, is a major challenge for black-box scanners. In this paper, we evaluate three state-of-the-art black-box scanners that support detecting stored SQL injection vulnerabilities. We developed our custom test bed that challenges…
This paper has 24 citations.


