SQLUnitGen : SQL Injection Testing Using Static and Dynamic Analysis

Yonghee Shin, Laurie Williams, Tao Xie

This paper proposes an approach to facilitate the identification of actual input manipulation vulnerabilities via automated testing based on static analysis. We implemented a prototype of a SQL injection vulnerability detection tool, SQLUnitGen, which we compared to a static analysis tool, FindBugs. The evaluation results show that our approach can be used to locate precise vulnerable locations of source code and help to identify false positives that are caused by static analysis tools. 

