TY  - JOUR
T1  - Security Testing of Web Applications for Detecting and Exploiting
Second-Order SQL Injection Vulnerabilities
AU - Mohammed Draib, Najla&rsquo;a Ateeq AU - Md Sultan, Abu Bakar AU - B Abd Ghani, Abdul Azim AU - Zulzalil, Hazura 
JO  - Journal of Engineering and Applied Sciences
VL  - 13
IS  - 20
SP  - 8426
EP  - 8431
PY  - 2018
DA  - 2001/08/19
SN  - 1816-949x
DO  - jeasci.2018.8426.8431
UR  - https://makhillpublications.co/view-article.php?doi=jeasci.2018.8426.8431
KW  - vulnerability detection
KW  -second-order SQL injection
KW  -static analysis
KW  -Security testing
KW  -webapplications
KW  -promising results
AB  - SQL injection is considered one of the most serious issues affecting web application&#39;s security. It
occurs when an attacker tries to access the back-end database of web applications by exploiting improper user
input validation vulnerabilities. There are two types of SQL injection, namely, first-order SQL injection and
second-order SQL injection. Most of the existing research works addressing this issue focus on detecting the
first-order SQL injection with a common assumption that preventing first-order injection attack makes web
applications secure against other SQL injection attacks. However, second-order injection attacks can occur in
applications that are secured against first-order injection attacks. This is a dangerous security problem which
can occasionally, lead to dire consequences. In this study, we present our work-in-progress that uses a static
taint analysis and symbolic execution approach for detecting second-order SQL injection vulnerabilities. We
first use static taint analysis to identify candidate vulnerabilities. Then, we use symbolic execution to generate
those input vectors that make the program execution satisfy conditions and confirm the existence of SQL
injection vulnerabilities. This is the first technique of which we are aware that generates input vectors that
expose second-order SQL injection vulnerabilities. The initial analysis of our proposed approach shows some
promising results.
ER  - 