Abstract
As web applications become increasingly popular for offering data and services among businesses and organizations they also become more susceptible to security risks. Many organizations rely today on Web Vulnerability Scanners (WVSs) to identify vulnerabilities in their web applications. However, one of the most prevalent types of web application vulnerabilities, SQL Injections (SQLi), can often go undetected by WVSs. OWASP ZAP is an open-source web vulnerability scanner that allows security professionals to develop rules to improve vulnerability detection capability. In this paper, a new method is proposed to improve the detection capability of OWASP ZAP for SQLi. We aim to accurately detect the four major types of SQLi: Error-based, Union-based, Time-based blind, and Authentication Bypass. We implemented this new method using OWASP ZAP detection policies. The method was tested against two benchmark vulnerable web applications, Mutillidae and WebGoat, and was shown to significantly improve the detection of SQL injection attacks.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
