Measuring Accuracy of Vulnerability Scanners: An Evaluation with SQL Injections
Linköping University, Department of Electrical Engineering, Information Coding. Linköping University, The Institute of Technology.
2014 (English). Independent thesis, advanced level (degree of Master, two years), 20 credits / 30 HE credits. Student thesis.
Alternative title: Mätning av noggrannhet bland sårbarhetsskannrar : En utvärdering med SQL injektioner (Swedish)
Abstract [en]

Critical vulnerabilities are commonly found in web applications. The arguably most problematic class of web application vulnerabilities is SQL injections. SQL injection vulnerabilities can be used to execute commands on the database coupled to the web application, e.g., to extract the web application’s user and password data. Black box testing tools are often used (both by system owners and their adversaries) to discover vulnerabilities in a running web application. Hence, how well they perform at discovering SQL injection vulnerabilities is of importance. This thesis describes an experiment assessing detection capability for different SQL injection vulnerabilities under different conditions. In the experiment the following is varied: SQL injection vulnerability (17 instances allowing tautologies, piggy-backed queries, and logically incorrect queries), scanners (four products), exploitability (three levels), input vector (POST/GET), and time investment (three levels). The number of vulnerabilities detected is largely determined by the choice of scanner (30% to 77%) and the input vector (71% or 38%). The interaction between the scanner and input vector is substantial since two scanners cannot handle the POST vector at all. Substantial differences are also found between how well different SQL injection vulnerabilities are detected, and the more exploitable variants are detected more often, as expected. The impact of time spent on the scan interacts with the scanner (some scanners required considerable time to configure and others did not), and as a consequence the relationship between time investment and detection capability is non-trivial.

Place, publisher, year, edition, pages
2014, 58 p.
Keyword [en]
SQL Injection, Vulnerability Scanning
National Category
Computer Engineering
URN: urn:nbn:se:liu:diva-106628
ISRN: LiTH-ISY-EX--14/4748--SE
OAI: diva2:717493
Subject / course
Computer Engineering
Presentation: 2014-03-14, Systemet, Linköping, 15:00 (Swedish)
Available from: 2014-05-15. Created: 2014-05-15. Last updated: 2014-05-19. Bibliographically approved.

Open Access in DiVA

fulltext (432 kB), 563 downloads
File information
File name: FULLTEXT01.pdf
File size: 432 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf
