TY  - JOUR
T1  - Test Input Generation for Detecting SQL Injection Vulnerability in Web Application
AU - Awang, Nor Fatimah AU - Manaf, AzizahAbd AU - Abidin, Siti Fatimah 
JO  - International Journal of Soft Computing
VL  - 11
IS  - 2
SP  - 103
EP  - 106
PY  - 2016
DA  - 2001/08/19
SN  - 1816-9503
DO  - ijscomp.2016.103.106
UR  - https://makhillpublications.co/view-article.php?doi=ijscomp.2016.103.106
KW  - Security testing
KW  -penetration testing
KW  -test input generation
KW  -web
KW  -SQL
AB  - In software testing, one of the critical issues is the selection of adequate test input. In this study, we formulate a method to generate test input by using permutation and combination algorithm technique in order to generate a set of test input automatically. We also develop a tool called an input generator that automatically generates the test input. The tool is a text list generator based on permutation algorithm on combination of pattern. The text list is generated based on the pattern given in a file template and combination of pattern is generated from the files to form list of text or statement. This attack pattern is formulated based on SQL attack type such as tautology, illegal and piggy-backed type. This tool is able to generate a large number of test inputs based on pattern given by tester at a lesser time. Finally, we show how ideas derived from our method will generate a set of test inputs and able to perform an attack and produce the results.
ER  -