TY  - CHAP
U1  - Konferenzveröffentlichung
A1  - Schuckert, Felix
A1  - Langweg, Hanno
A1  - Katt, Basel
T1  - Systematic Generation of XSS and SQLi Vulnerabilities in PHP as Test Cases for Static Code Analysis
T2  - 15th IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW 2022), 04-13 April 2022, Valencia, Spain
N2  - Synthetic static code analysis test suites are important to test the basic functionality of tools. We present a framework that uses different source code patterns to generate Cross Site Scripting and SQL injection test cases. A decision tree is used to determine if the test cases are vulnerable. The test cases are split into two test suites. The first test suite contains 258,432 test cases that have influence on the decision trees. The second test suite contains 20 vulnerable test cases with different data flow patterns. The test cases are scanned with two commercial static code analysis tools to show that they can be used to benchmark and identify problems of static code analysis tools. Expert interviews confirm that the decision tree is a solid way to determine the vulnerable test cases and that the test suites are relevant.
KW  - Cross Site Scripting
KW  - SQL Injection
KW  - Static Code Analysis
KW  - PHP
KW  - Test Suite
Y1  - 2022
SN  - 978-1-6654-9628-5
SB  - 978-1-6654-9628-5
SN  - 978-1-6654-9629-2
SB  - 978-1-6654-9629-2
U6  - https://doi.org/10.1109/ICSTW55395.2022.00053
DO  - https://doi.org/10.1109/ICSTW55395.2022.00053
N1  - Volltextzugriff für Angehörige der Hochschule Konstanz via Datenbank IEEE Xplore möglich
SP  - 261
EP  - 268
PB  - IEEE
ER  -