WCSE 2017
ISBN: 978-981-11-3671-9 DOI: 10.18178/wcse.2017.06.098

A SQL Injection Vulnerability Penetration Test Approach Based on Response-Driven Attacking Model

Lei Liu, Jing Xu, Biao Zhang, Jiehui Kang, Chenkai Guo, Sihan Xu, Guannan Si

Abstract— Penetration testing is one of the most important testing techniques for exposing SQL Injection Vulnerability (SQLIV), the top-ranked web vulnerability. However, insufficient testing accuracy and efficiency have become increasingly severe problems with the continual emergence of many new kinds of SQLIV, each with different response analyzing methods. To solve this problem, this paper proposes a Response-Driven Attacking Model (RDAM), which is based on systematic response analyzing and an attacking tree model. The empirical study shows the effectiveness of the proposed approach.

Index Terms— response analyzing, attacking tree, model based, SQL injection vulnerability, penetration test

Lei Liu, Jing Xu, Biao Zhang, Jiehui Kang, Chenkai Guo, Sihan Xu
College of Computer and Control Engineering, Nankai University, CHINA
Guannan Si
School of Information Science and Electrical Engineering, Shandong Jiaotong University, CHINA


Cite: Lei Liu, Jing Xu, Biao Zhang, Jiehui Kang, Chenkai Guo, Sihan Xu, Guannan Si, "A SQL Injection Vulnerability Penetration Test Approach Based on Response-Driven Attacking Model," Proceedings of 2017 the 7th International Workshop on Computer Science and Engineering, pp. 569-573, Beijing, 25-27 June, 2017.