Proposing SQL statement coverage metrics

14 years 11 months ago

Download collaboration.csc.ncsu.edu

An increasing number of cyber attacks are occurring at the application layer when attackers use malicious input. These input validation vulnerabilities can be exploited by (among others) SQL injection, cross site scripting, and buffer overflow attacks. Statement coverage and similar test adequacy metrics have historically been used to assess the level of functional and unit testing which has been performed on an application. However, these currently-available metrics do not highlight how well the system protects itself through validation. In this paper, we propose two SQL injection input validation testing adequacy metrics: target statement coverage and input variable coverage. A test suite which satisfies both adequacy criteria can be leveraged as a solid foundation for input validation scanning with a blacklist. To determine whether it is feasible to calculate values for our two metrics, we perform a case study on a web healthcare application and discuss some issues in implementatio...

Ben H. Smith, Yonghee Shin, Laurie Williams

Real-time Traffic

ICSE 2008 | Input Validation Testing | Input Validation Vulnerabilities | Input Variable Coverage | Software Engineering |

claim paper

Post Info
More Details (n/a)

Added	09 Dec 2009
Updated	09 Dec 2009
Type	Conference
Year	2008
Where	ICSE
Authors	Ben H. Smith, Yonghee Shin, Laurie Williams

Comments (0)

Sciweavers

Proposing SQL statement coverage metrics

ICSE 2008 | Input Validation Testing | Input Validation Vulnerabilities | Input Variable Coverage | Software Engineering |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers