Abstract
In this paper we proposed a model to investigate the behaviour of websites when dealing with invalid inputs. Many vulnerabilities rise from invalid inputs. An invalid input is considered as a form of a successful attack if it is processed by the website code or back-end database. Based on this assumption, we proposed a list of indicators that tested and processed invalid inputs. A tool is developed to implement this model. We tested the model through evaluating several websites selected randomly. Our tool has no special credentials or access to any of the tested websites. We found many SQL injection vulnerabilities based on our proposed model. Upon the manual investigation of the web pages that showed such vulnerabilities, we found few instances of false positives. We believe that this can provide a systematic and automated approach to test websites for vulnerabilities related to improper input validation.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Information and Computer Security
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
