Comparing web vulnerability scanners with a new method for SQL injection vulnerabilities detection and removal EPSQLiFix
Web vulnerabilities have become a major threat to the security of information and services accessible via the internet. Dynamic-analysis-based Web Vulnerability Scanners (WVS) have been employed to facilitate the detection of vulnerabilities, though such scanners cannot remove the vulnerabilities they detect. Empirical evidence shows that some existing static analysis techniques target both detection and removal of vulnerabilities. However, these techniques are not adequately effective: they report a considerably large number of false positives and do not achieve fully automatic vulnerability removal. Although a clear understanding of the workflow of WVSs is essential for designing improved scanners, the current literature does not provide a comprehensive presentation of that workflow. Thus, this paper presents a thorough description of a generic WVS through synthesis and aggregation of knowledge. In addition, the paper presents an overview of an Evolutionary Programming (EP) based static analysis method for automatic detection and removal of vulnerabilities, called EPSQLiFix. Lastly, the paper compares the workflow of WVSs to that of the EPSQLiFix method.
| Main Authors: | Md Sultan, Abu Bakar; Abdullah@Selimun, Mohd Taufik; Admodisastro, Novia Indriaty; Zulzalil, Hazura; Umar, Kabir |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Science Publishing Corporation, 2018 |
| Online Access: | http://psasir.upm.edu.my/id/eprint/73465/ http://psasir.upm.edu.my/id/eprint/73465/1/SQL.pdf |
| _version_ | 1848857277858054144 |
|---|---|
| author | Md Sultan, Abu Bakar; Abdullah@Selimun, Mohd Taufik; Admodisastro, Novia Indriaty; Zulzalil, Hazura; Umar, Kabir |
| author_sort | Md Sultan, Abu Bakar |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | Web vulnerabilities have become a major threat to the security of information and services accessible via the internet. Dynamic-analysis-based Web Vulnerability Scanners (WVS) have been employed to facilitate the detection of vulnerabilities, though such scanners cannot remove the vulnerabilities they detect. Empirical evidence shows that some existing static analysis techniques target both detection and removal of vulnerabilities. However, these techniques are not adequately effective: they report a considerably large number of false positives and do not achieve fully automatic vulnerability removal. Although a clear understanding of the workflow of WVSs is essential for designing improved scanners, the current literature does not provide a comprehensive presentation of that workflow. Thus, this paper presents a thorough description of a generic WVS through synthesis and aggregation of knowledge. In addition, the paper presents an overview of an Evolutionary Programming (EP) based static analysis method for automatic detection and removal of vulnerabilities, called EPSQLiFix. Lastly, the paper compares the workflow of WVSs to that of the EPSQLiFix method. |
| first_indexed | 2025-11-15T11:55:00Z |
| format | Article |
| id | upm-73465 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T11:55:00Z |
| publishDate | 2018 |
| publisher | Science Publishing Corporation |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | Md Sultan, Abu Bakar and Abdullah@Selimun, Mohd Taufik and Admodisastro, Novia Indriaty and Zulzalil, Hazura and Umar, Kabir (2018) Comparing web vulnerability scanners with a new method for SQL injection vulnerabilities detection and removal EPSQLiFix. International Journal of Engineering and Technology (UAE), 7 (4.31), 40-45. Peer reviewed. ISSN 2227-524X. https://www.sciencepubco.com/index.php/ijet/article/view/23338 DOI: 10.14419/ijet.v7i4.31.23338 |
| title | Comparing web vulnerability scanners with a new method for SQL injection vulnerabilities detection and removal EPSQLiFix |
| url | http://psasir.upm.edu.my/id/eprint/73465/ http://psasir.upm.edu.my/id/eprint/73465/1/SQL.pdf |