Detecting SQL Injection Vulnerabilities in Web Services

Cited by: 19
Authors
Antunes, Nuno [1 ]
Vieira, Marco [1 ]
Affiliation
[1] Univ Coimbra, Dept Informat Engn, CISUC, P-3000 Coimbra, Portugal
Source
LADC 2009: 4th Latin-American Symposium on Dependable Computing | 2009
DOI: 10.1109/LADC.2009.21
CLC classification: TP301 [Theory, methods]
Discipline code: 081202
Abstract
Web services are often deployed with critical software bugs that can be maliciously exploited. Web vulnerability scanners are regarded as an easy way to test web applications against security vulnerabilities. However, previous research shows that the effectiveness of these tools in web services environments is very poor. In fact, the high number of false positives and the low coverage observed in practice highlight the strong limitations of these tools. The goal of this paper is to demonstrate that it is possible to develop a vulnerability scanner for web services that performs much better than the commercial ones currently available. Thus, we propose an approach to detect SQL Injection vulnerabilities, one of the most common and most critical types of vulnerabilities in web environments. Experimental evaluation shows that our approach performs much better than well-known commercial tools, achieving very high detection coverage while maintaining a quite low false-positive rate.
Pages: 17-24 (8 pages)
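The abstract above names the problem (SQL injection in web services, and scanners that miss vulnerabilities or report false positives) but does not describe the paper's detection technique. The following Python is an added illustration of the problem class, written for this page; it is not the authors' tool and should not be read as their method. It stands up a toy "getUser" web-service operation in a vulnerable (string-concatenated) and a parameterised form, drives each with a benign workload and then an injection attackload, and flags injection whenever the statement text handed to the database interface no longer has the structure learned from the benign requests. The in-memory schema, the operation names, the payload lists and the `DbInterface` wrapper are all constructed for the example.

```python
import re
import sqlite3

# Constructed in-memory backend standing in for a web service's database.
# (Schema and rows are an assumption for this example, not from the paper.)
def make_backend():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


class DbInterface:
    """Wrapper between service code and the driver that records every
    statement text it is given. Stands in for instrumenting the real
    database interface; a hypothetical name chosen for this example."""

    def __init__(self, conn):
        self.conn = conn
        self.statements = []

    def query(self, sql, params=()):
        self.statements.append(sql)
        return self.conn.execute(sql, params).fetchall()


# Two hypothetical web service operations with the same contract, getUser(name).
def get_user_vulnerable(db, name):
    # The input is concatenated into the statement: classic SQL injection.
    return db.query("SELECT id, name FROM users WHERE name = '" + name + "'")


def get_user_safe(db, name):
    # Parameterised statement: the input never becomes part of the SQL text.
    return db.query("SELECT id, name FROM users WHERE name = ?", (name,))


# String literals (with '' escapes) and bare integers are replaced by '?',
# so two statements that differ only in data values get the same signature.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+\b")


def signature(sql):
    """Structural signature of a statement: literals masked, whitespace
    collapsed, case folded."""
    return re.sub(r"\s+", " ", _LITERAL.sub("?", sql)).strip().lower()


WORKLOAD = ["alice", "bob", "nobody"]        # benign requests (constructed)
ATTACKLOAD = [                               # injection payloads (constructed)
    "' OR '1'='1",
    "x' OR 1=1 --",
    "alice'; DROP TABLE users; --",
]


def scan(operation):
    """Learn the statement structures the benign workload produces for one
    operation, then report every attack payload whose statement falls outside
    that profile. Returns a list of (payload, offending_sql) findings."""
    db = DbInterface(make_backend())
    profile = set()
    for value in WORKLOAD:
        operation(db, value)
        profile.add(signature(db.statements[-1]))

    findings = []
    for payload in ATTACKLOAD:
        seen = len(db.statements)
        try:
            operation(db, payload)
        except (sqlite3.Error, sqlite3.Warning):
            # A driver error is not evidence on its own (older Pythons raise
            # Warning for "; DROP ..."); the recorded statement text decides.
            pass
        for sql in db.statements[seen:]:
            if signature(sql) not in profile:
                findings.append((payload, sql))
                break
    return findings


if __name__ == "__main__":
    for op in (get_user_vulnerable, get_user_safe):
        print(op.__name__, "->", len(scan(op)), "payload(s) changed the SQL structure")
```

Because the check looks at the statement as the service hands it to the driver, the parameterised operation always presents the same placeholder text and the three payloads produce no finding, while the concatenating operation is flagged on all three. A response-only black-box scanner sees none of this and has to infer injection from error pages or output differences, which is where the false positives and missed cases the abstract refers to come from.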