Web applications are part and parcel of our lives. Among many vulnerabilities, SQL injection is one of the most prevalent and exploited in web applications. SQL injection becomes possible when user input is insufficiently validated and metacharacters are interpreted unintentionally on the database tier. As a result, stored procedures (SPs) need to be used to protect the database. SPs are small programs on the database that are executed from the web application. However, not all SPs can mitigate SQL injection. Hence, security teams have tried different tools, such as Veracode and Burp Suite, to find SQL injection issues. This paper introduces a fuzz-testing platform for detecting and validating SP SQL injection vulnerabilities in web applications. We compare the detection techniques based on related works and improve the detection technique for stored procedure vulnerabilities.

Authors: Md Arif Ahmed, Aspen Olmstead

Published in: World Congress on Internet Security (WorldCIS-2021)

  • Date of Conference: 7-9 December 2021
  • DOI: 10.20533/WorldCIS.2021.0005
  • ISBN: 978-1-913572-40-2
  • Conference Location: Virtual (London, UK)