Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Tue 21 Jul 2020 14:10 - 14:30 at Zoom - SECURITY Chair(s): Lucas Bang

Security is unarguably the most serious concern for Web applications, to which SQL injection (SQLi) attack is one of the most devastating attacks. Automatically testing SQLi vulnerabilities is of ultimate importance, yet is unfortunately far from trivial to implement. This is because the existence of a huge, or potentially infinite, number of variants and semantic possibilities of SQL leading to SQLi attacks on various Web applications. In this paper, we propose a deep natural language processing based tool, dubbed DeepSQLi, to generate test cases for detecting SQLi vulnerabilities. Through adopting deep learning based neural language model and sequence of words prediction, DeepSQLi is equipped with the ability to learn the semantic knowledge embedded in SQLi attacks, allowing it to translate user inputs (or a test case) into a new test case, which is semantically related and potentially more sophisticated. Experiments are conducted to compare DeepSQLi with SQLmap, a state-of-the-art SQLi testing automation tool, on six real-world Web applications that are of different scales, characteristics and domains. Empirical results demonstrate the effectiveness and the remarkable superiority of DeepSQLi over SQLmap, such that more SQLi vulnerabilities can be identified by using a less number of test cases, whilst running much faster.

Tue 21 Jul
Times are displayed in time zone: Tijuana, Baja California change

13:30 - 14:30: SECURITYTechnical Papers at Zoom
Chair(s): Lucas BangHarvey Mudd College

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

13:30 - 13:50
Talk
Technical Papers
Ismet Burak KadronUniversity of California at Santa Barbara, Nico RosnerAmazon Web Services, Tevfik BultanUniversity of California, Santa Barbara
DOI
13:50 - 14:10
Talk
Technical Papers
Mohannad Alhanahnah, Clay StevensUniversity of Nebraska-Lincoln, Hamid BagheriUniversity of Nebraska-Lincoln, USA
DOI Pre-print Media Attached
14:10 - 14:30
Talk
Technical Papers
Muyang Liu, Ke LiUniversity of Exeter, Tao ChenLoughborough University
DOI Pre-print