Static-Based Test Case Dynamic Generation for SQLIVs Detection

Abstract

We proposed a novel approach to generate test cases for detecting SQLIVs (SQL Injection vulnerabilities), one of the most foremost threats to Web applications. Dynamic testing procedures need to construct an appropriate test to launch a simulated attack on the target system, so test case generation is a crucial step, which directly affects the efficiency of detection. The traditional test case generation technologies have many flaws, for example, blind injection would create a lot of invalid test cases that fail to reach the sink point of vulnerability after filtered out. On the other hand, the test structure far from comprehensive would lead to blind test spots, giving rise to inefficiency and high false alarm rate. Therefore, we propose to use static analysis results to guide test case dynamic generation. A sequence of injection points and filter missing information of SQL vulnerabilities obtained in the static analysis can be passed as parameters to the dynamic detection module to generate more targeted test parameters. In order to generate more accurate test set, we parse the test parameters into two parts: the parameter basic structure and the parameter control information, which will help eliminate a lot of unnecessary redundancy attacks. This kind of joint test case generation is just the innovative point of our paper, practically making for more efficient and accurate dynamic detection.