Evaluation of SQL Injection Vulnerability Detection Tools
Najla’a Ateeq Mohammed Draib1, Abu Bakar Md Sultan2, Abdul Azim B Abd Ghani3, Hazura Zulzalil4
1Najla’a Ateeq Mohammed Draib*, Dept. of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia.
2Abu Bakar Md Sultan, Dept. of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia.
3Abdul Azim B Abd Ghani, Dept. of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia.
4Hazura Zulzalil, Dept. of Software Engineering and Information System, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia.
Manuscript received on September 22, 2019. | Revised Manuscript received on October 20, 2019. | Manuscript published on October 30, 2019. | PP: 1747-1751 | Volume-9 Issue-1, October 2019 | Retrieval Number: A2648109119/2019©BEIESP | DOI: 10.35940/ijeat.A2648.109119
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: SQL injection vulnerabilities have been prevalent in database-driven web applications for almost a decade. Exploiting such vulnerabilities enables attackers to gain unauthorized access to the back-end database by altering the original SQL statements through manipulated user input. Testing web applications to identify SQL injection vulnerabilities before deployment is essential to eliminating them. However, checking for such vulnerabilities by hand is tedious, difficult, and time-consuming. Web vulnerability static analysis tools are software tools that automatically identify the root cause of SQL injection vulnerabilities in web application source code. In this paper, we test and evaluate three free/open source static analysis tools using eight web applications with numerous known vulnerabilities, primarily for false negative rates. The evaluation results were compared and analysed, and they indicate a need to improve the tools.
Keywords: Web Application, Static Analysis Tools, SQL Injection, Vulnerabilities.
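To make concrete what the abstract means by a static analysis tool locating SQL injection in source code and being scored by its false negative rate, here is an added example (not code from the paper or from any of the tools it evaluates): a deliberately naive taint-style detector, run over a constructed sample in which lines 4 and 12 are the known injection points. The `request.args` taint source, the sample application code and its ground-truth line numbers are assumptions; the detector's f-string blind spot is what produces the measured false negative.

```python
import ast

# Constructed sample, assumed to be the kind of code a static analysis tool is run
# over: the execute() calls on lines 4 and 12 are injectable; line 8 is parameterised.
SAMPLE_SOURCE = """
def login(cur, request):
    user = request.args["user"]
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")

def lookup(cur, request):
    uid = request.args["id"]
    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))

def search(cur, request):
    term = request.args["q"]
    cur.execute(f"SELECT * FROM items WHERE name LIKE '%{term}%'")
"""

def is_taint_source(expr):
    # Assumption: request.args[...] is attacker-controlled input.
    return (isinstance(expr, ast.Subscript) and isinstance(expr.value, ast.Attribute)
            and expr.value.attr == "args" and isinstance(expr.value.value, ast.Name)
            and expr.value.value.id == "request")

class NaiveSqliDetector(ast.NodeVisitor):
    """Flags execute() calls whose query is a binary-operator expression (+ or %)
    over a tainted variable. f-strings are not modelled: a deliberate blind spot."""
    def __init__(self):
        self.tainted, self.findings = set(), []
    def visit_FunctionDef(self, node):
        self.tainted = set()  # intraprocedural: taint does not cross functions
        self.generic_visit(node)
    def visit_Assign(self, node):
        if is_taint_source(node.value):
            self.tainted |= {t.id for t in node.targets if isinstance(t, ast.Name)}
        self.generic_visit(node)
    def visit_Call(self, node):
        if isinstance(node.func, ast.Attribute) and node.func.attr == "execute" and node.args:
            q = node.args[0]
            if isinstance(q, ast.BinOp) and any(
                    isinstance(n, ast.Name) and n.id in self.tainted for n in ast.walk(q)):
                self.findings.append(node.lineno)  # sink reached by tainted data

        self.generic_visit(node)

def scan(source):
    det = NaiveSqliDetector()
    det.visit(ast.parse(source))
    return sorted(det.findings)  # line numbers of reported execute() sinks

def false_negative_rate(reported, known):
    # Fraction of known vulnerable lines the tool failed to report.
    return len(set(known) - set(reported)) / len(known)
```

Running `scan(SAMPLE_SOURCE)` reports only line 4, so against the ground truth `{4, 12}` the detector's false negative rate is 0.5, which is the measurement the paper applies to real tools over applications with known vulnerabilities.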