Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

SQL injection test case generation method based on combinatorial variation

A test case generation and test case technology, which is applied in software testing/debugging, error detection/correction, instruments, etc., can solve the problems of combinatorial explosion and reduce element combination coverage, so as to save test space and reduce the probability of space explosion , save time and detection costs

Active Publication Date: 2020-06-09
DALIAN UNIV OF TECH
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method can mutate the original effective test cases to successfully bypass the filtering rules of the firewall, but with the increase in the types of mutation operators (mutation scripts used in mutation testing and mutation test cases), the number of mutated test cases will increase exponentially If the number of mutation operators is controlled, the coverage of element combinations will be reduced.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection test case generation method based on combinatorial variation
  • SQL injection test case generation method based on combinatorial variation
  • SQL injection test case generation method based on combinatorial variation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0015] The content of the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0016] figure 1 Shown is the flow chart of the detection method for SQL injection attacks based on the combined mutation method.

[0017] Step 1: The payload of the original effective test case for SQLi vulnerability detection can be further expanded through multiple mutation methods to generate test cases that can bypass firewall filtering rules. Because the test cases generated by mutating the payload using the mutation method approximated by the mutation rule have the same detection effect when detecting SQLi vulnerabilities, a large amount of unnecessary resource consumption is caused, which should be avoided. Therefore, the present invention abstracts the combination of different mutation methods into a combination problem, reducing the number of test cases after mutation.

[0018] Step 1.1: This patent proposes t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of software security test research, and discloses an SQL injection test case generation method based on combinatorial variation, which is used for improving the number of SQL statement injection success and the SQL vulnerability detection efficiency. A test case set is generated by using a method of combining a combination test and a mutation test, andthe method can ensure the number of test cases bypassing a filtering rule while saving a test space. The test case set is applied to a detection system, so that SQL vulnerabilities which can successfully attack a Web page are verified, and compared with an existing method, the SQL injection vulnerability detection method based on mutation test reduces the probability of space explosion, and savesmore time cost and detection cost of test cases.

Description

technical field [0001] The invention belongs to the research technical field of software safety testing, and mainly relates to a method for generating SQL injection test cases based on combination mutation. Background technique [0002] With the continuous development of science and technology in the Internet age, technologies such as big data and cloud computing have emerged as the times require. B / S mode application systems have been widely used in different fields. Due to the uneven level and experience of programmers, a considerable part of the program When the staff wrote the code, they did not judge the legality of the data input by the user, which made the application program have security risks, and SQL injection is one of them. SQL injection is a method of injecting SQL characters or commands in web-based input fields in order to manipulate the query execution of web backend SQL statements, and this type of attack belongs to the main attack targets of web servers. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3684G06F21/577
Inventor 赵靖董天冉王延斌李志娟
Owner DALIAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products