As Internet is increasingly prosperous, Web services become more common in our social life. As users can access pages on the Web directly, Web application plays a vital role in various domains such as e-finance and public-services. Inevitably, it will be followed by unprecedented amount of attacks and exploitations. Amongst all of those attacks, SQL injection attacks have consistently high rank in last years due to corresponding vulnerabilities. It is crucial to checking this vulnerabilities before web services being public. In our paper we present an effective approach for testing, MOSA, and mutation operators set to its underpinning. Using this approach we can produce test inputs that cause executable and malignant SQL statement efficiently. Besides that, we do numerous experiments and the results demonstrate that the mutation approach can detect SQL injection vulnerabilities and generate inputs that bypass web application firewalls.
展开▼