Proposing SQL statement coverage metrics

@inproceedings{Smith2008ProposingSS,
  title={Proposing SQL statement coverage metrics},
  author={Ben H. Smith and Yonghee Shin and Laurie A. Williams},
  booktitle={SESS},
  year={2008}
}
An increasing number of cyber attacks are occurring at the application layer when attackers use malicious input. These input validation vulnerabilities can be exploited by (among others) SQL injection, cross site scripting, and buffer overflow attacks. Statement coverage and similar test adequacy metrics have historically been used to assess the level of functional and unit testing which has been performed on an application. However, these currently-available metrics do not highlight how well…

Key Quantitative Results

  • We find that the web healthcare application scored 96.7% target statement coverage and 98.5% input variable coverage.

Citations

Publications citing this paper.

Coverage Metrics and Detection of Injection Vulnerabilities: An Experimental Study

  • 2016 12th European Dependable Computing Conference (EDCC)
  • 2016
CITES BACKGROUND & METHODS
HIGHLY INFLUENCED

Experimenting Machine Learning Techniques to Predict Vulnerabilities

  • 2016 Seventh Latin-American Symposium on Dependable Computing (LADC)
  • 2016
CITES METHODS

Using SQL Hotspots in a Prioritization Heuristic for Detecting All Types of Web Application Vulnerabilities

  • 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation
  • 2011
CITES BACKGROUND

Automating Coverage Metrics for Dynamic Web Applications

  • 2010 14th European Conference on Software Maintenance and Reengineering
  • 2010
CITES BACKGROUND

References

Publications referenced by this paper.

Command-Form Coverage for Testing Database Applications

  • 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06)
  • 2006
HIGHLY INFLUENTIAL