Peer reviewed. This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the WAF itself to refine and evaluate its security rules and prioritise fixing vulnerabilities that are not protected by the WAF. We also propose using database proxies as oracles for black-box security testing instead of relying only on the output of the application under test. The paper also presents a case study of our proposed approaches on two sets of web services. The results indicate that testing through WAFs can be used to prioritise vulnerabilities and that an oracle that uses a database proxy finds more vulnerabilities wi...
The Internet has eased human life in numerous ways, but the drawbacks like the intrusions that ar...
Web security is an important area of research. This work has focused on web securing schemes. The pr...
Abstract: Every cyber attack mostly targets the Databases through the firewalls that shield it. Like...
Web application firewalls (WAF) are an indispensable mechanism to protect online systems from attack...
Web application firewalls are an indispensable layer to protect online systems from attacks. However...
International audience. Injection flaws, which include SQL injection, are the most prevalent security t...
Web services are increasingly adopted in various domains, from finance and e-government to social me...
Web services are increasingly adopted in various domains, from finance and e-government to social me...
A web application is a very important requirement in the information and digitalization era. With th...
Web services are increasingly adopted in various domains, from finance and e-government to social me...
Today most of us depend on the Internet for our day-to-day activities such as financial transactions, ed...
Injection vulnerabilities, such as SQL injection (SQLi), are ranked amongst the most dangerous types...
Peer reviewed. Testing and fixing WAFs are two relevant and complementary challenges for security anal...
Structured query language injection vulnerability (SQLIV) is one of the most prevalent and serious w...
Context. Many applications today use databases to store user information or other data for their appl...