Modular Blackbox SQL Injection Vulnerability Web Scanning

Abstract

The use of web applications has increased heavily the last couple of decades. In line with this, an increasing amount of sensitive data is stored on web servers. Furthermore, SQL injections are one of the most common web application security risks. It can have devastating consequences, as it can cause confidential data to be read, modified and deleted. It could even allow an attacker to gain administrative privileges on the server database and compromise individual machines or entire networks. A popular approach to finding web vulnerabilities is using autonomous web vul nerability scanners. In order for a scanner to be successful, it needs to be good at both crawling the web and detecting vulnerabilities when presented with possible attack vectors. For the most part, these two components are integrated to some degree. Our hypothesis is that web vulnerability scanners would benefit from using a modular approach instead. By allowing for easy exchange of crawler and detection module used in a scanner, the scanner could be optimised for specific tasks, whether that be finding SQL injections or other vulnerabilities. It could also be adapted to various types of web applications as different crawlers specialize on different areas. To test the hypothesis, we have developed a modular design that can be used to combine crawlers and detection modules. We have also implemented a scanner using the modular design as a proof of concept. The results show that the modular approach benefits from the advantages of both crawler and detection module used and it outperforms state-of-the-art web vulnerability scanners in both code coverage and vulnerabilities found. Moreover, the modular scanner was the only scanner that was able to find three previously unknown vulnerabilities in the web application WSPortal.