An Inferential Metamorphic Testing Approach to Eliminating False Positives in SQLIV Penetration Test
SQL Injection Vulnerability (SQLIV) has consistently been the top-ranked threat to Web security for many years. Penetration tests, which are a most widely adopted technique for detecting SQLIV, are usually affected by testing inaccuracy. This problem is even worse in inference-based, blind penetration tests of online Web sites, where Web page variations (such as those caused by inbuilt dynamic modules or user interactions) may lead to a large number of False Positives (FP).
Liu, L., Su, G., Xu, J., Zhang, B., Kang, J., Xu, S., Li, P. & Si, G. (2017). An Inferential Metamorphic Testing Approach to Eliminating False Positives in SQLIV Penetration Test. IEEE Computers, Software, and Applications Conference (COMPSAC 2017) (pp. 675-680). United States: IEEE.