An Agent Based Intelligent Dynamic Vulnerability Analysis Framework for Critical SQLIA Attacks
This article describes how software vulnerability analysis and testing for web applications should detect not only the common attacks but also dynamic vulnerability attacks. These are the attacks such as structured query language injection attacks (SQLIAs) which will extract the most crucial user information from the targeted database. In this proposed approach, an intelligent agent namely intelligent vulnerability analyzer agent (IVA) is proposed in which the external attacks due to dynamic user inputs are identified using a heuristic-guided intelligent graph searching and then a pre and post condition based analysis is performed to identify the dynamic vulnerabilities. Further, the proposed approach is compared with some of the existing works based on the number of false positives and false negatives of attacks detection and confirmed that the proposed work is a novel and effective one in finding out SQLIAs.