Research of methods of automated search of “SQL injection” type vulnerabilities in web applications

Abstract

The article presents the results of a scientific and methodological study of the methods of automated search for SQL vulnerabilities in web applications. An example of an attack using a typical SQL injection is provided. The classification of web application security assessment methods based on penetration testing is given. The results of practical studies of the operation of the most widely used web scanners for automated vulnerability testing of web applications are given. Based on the results, a comparison of the effectiveness of penetration testing methods has been made. The possible directions of further research into the methods of automated search for SQL vulnerabilities in web applications are substantiated, taking into account the results obtained, in particular the values of the Youden Index.