Search-Based SQL Injection Attacks Testing Using Genetic Programming

  • Benjamin Aziz
  • Mohamed Bader
  • Cerana Hippolyte
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9594)


Software testing is a key phase of many development methodologies, as it provides a natural opportunity for integrating security early in the software development lifecycle. However, despite the known importance of software testing, this phase is often overlooked, as it is quite difficult and labour-intensive to obtain test datasets to effectively test an application. This lack of adequate automatic software testing renders software applications vulnerable to malicious attacks after they are deployed, as detected software vulnerabilities start having an impact during the production phase. Among such attacks are SQL injection attacks. Exploitation of SQL injection vulnerabilities by malicious programs could result in severe consequences such as breaches of confidentiality and false authentication. In this paper we present a search-based software testing technique to detect SQL injection vulnerabilities in software applications. This approach uses genetic programming as a means of generating our test datasets, which are then used to test applications for SQL injection-based vulnerabilities.


Keywords: Genetic programming; Search-based testing; SQL injections



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Benjamin Aziz (1)
  • Mohamed Bader (1)
  • Cerana Hippolyte (1)
  1. School of Computing, University of Portsmouth, Portsmouth, UK
