Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks: Difference between revisions
Jump to navigation
Jump to search
Programsam (talk | contribs) |
Programsam (talk | contribs) |
||
| Line 104: | Line 104: | ||
This section presents the results of our case study. We first observed, as shown in Table 2, that there were no intrinsic JUnit test cases that used malicious input. We conducted all of our 272 system level tests by using HtmlUnit to inject our attack list into a request parameter, or in the case of TuduLists, to conduct an AJAX request where the malicious input was injected into an asynchronous JavaScript call. Using our technique, we found no instances of SQL injection vulnerabilities at the system level. No application allowed us to issue commands to the database management system because prepared statements and Hibernate both perform strong type checking on the variables used in their hotspots. Hibernate allows developers to create persistent classes in the object-oriented paradigm that represent individual database records<sup>[12]</sup>. However, we found 17 error message information leak vulnerabilities among the four applications in our case study, summarized in Table 2. | This section presents the results of our case study. We first observed, as shown in Table 2, that there were no intrinsic JUnit test cases that used malicious input. We conducted all of our 272 system level tests by using HtmlUnit to inject our attack list into a request parameter, or in the case of TuduLists, to conduct an AJAX request where the malicious input was injected into an asynchronous JavaScript call. Using our technique, we found no instances of SQL injection vulnerabilities at the system level. No application allowed us to issue commands to the database management system because prepared statements and Hibernate both perform strong type checking on the variables used in their hotspots. Hibernate allows developers to create persistent classes in the object-oriented paradigm that represent individual database records<sup>[12]</sup>. However, we found 17 error message information leak vulnerabilities among the four applications in our case study, summarized in Table 2. | ||
<center>'''Table 2. Results for the Test Subjects''' | |||
{| class="wikitable" | |||
|- | |||
|'''Project''' | |||
|'''iTrust''' | |||
|'''Hispacta''' | |||
|'''LogicServices''' | |||
|'''TuduLists''' | |||
|- | |||
|'''Hotspots''' | |||
| 92 | |||
| 23 | |||
| 48 | |||
| 13 | |||
|- | |||
|'''Covered by Intrinsic Tests''' | |||
| 89 | |||
| 20 | |||
| 47 | |||
| 3 | |||
|- | |||
|'''Statement Coverage (EclEmma)''' | |||
| 84% | |||
| 49% | |||
| 53% | |||
| 40% | |||
|- | |||
|'''Test Cases with Malicious Input''' | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
|- | |||
|} | |||
</center> | |||
== 7. References == | == 7. References == | ||