Abstract:
The article presents the results of a scientific and methodological study of methods for the automated search for SQL injection
vulnerabilities in web applications. An example of an attack using a typical SQL injection is provided. A classification of
web application security assessment methods based on penetration testing is given. The results of practical studies of the
most widely used web scanners for automated vulnerability testing of web applications are presented. Based on these results,
the effectiveness of penetration testing methods is compared. Possible directions for further research into methods of
automated search for SQL injection vulnerabilities in web applications are substantiated, taking into account the results
obtained, in particular the values of the Youden Index.
Description:
Berloh, Ye. Research of methods of automated search of “SQL injection” type vulnerabilities in web applications / Ye. Berloh, A. Rohovenko, Н. Dyvnych, H. // Technical sciences and technologies. - 2022. - № 4 (30). - P. 113-120.