Journal of University of Chinese Academy of Sciences

2013, Vol. 30, Issue (3): 417-424. DOI: 10.7523/j.issn.1002-1175.2013.03.021


Design and implementation of a SQL injection vulnerability detection tool on RESTful API

LUO Qi-Han, ZHANG Yu-Qing, LIU Qi-Xu   

  1. National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2012-01-11 Revised: 2012-03-28 Online: 2013-05-15

Abstract:

RESTful APIs introduce new parameter and calling styles, and typical web flaw scanners perform poorly on these APIs. We designed and implemented RASIVD, the first SQL injection flaw detection tool targeting RESTful APIs. The experimental results show that, compared to traditional tools, RASIVD detects more API SQL injection flaws and produces no false positives, which indicates the efficiency of RASIVD.

Key words: RESTful API, SQL injection, vulnerability detection, OAuth

CLC Number: