Applied Sciences (Sep 2024)

TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications

  • Guan-Yan Yang,
  • Farn Wang,
  • You-Zong Gu,
  • Ya-Wen Teng,
  • Kuo-Hui Yeh,
  • Ping-Hsueh Ho,
  • Wei-Ling Wen

DOI
https://doi.org/10.3390/app14188365
Journal volume & issue
Vol. 14, no. 18
p. 8365

Abstract

Read online

The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the complexity and workload of software testing, necessitating advanced tools to support agile development cycles. This paper introduces a novel test prioritization method for SQL injection vulnerabilities to enhance testing efficiency. By leveraging previous test outcomes, our method adjusts defense strength vectors for subsequent tests, optimizing the testing workflow and tailoring defense mechanisms to specific software needs. This approach aims to improve the effectiveness and efficiency of vulnerability detection and mitigation through a flexible framework that incorporates dynamic adjustments and considers the temporal aspects of vulnerability exposure.

Keywords