Journal Dynamics of Complex Systems - XXI century, №4, 2025
Article in issue:
Approaches to developing a model of system for testing websites for vulnerabilities «malicious code injection»
Type of article: scientific article
DOI: 10.18127/j19997493-202504-05
UDC: 004.056.53
Authors:

N.V. Shishkin¹, A.A. Kamenskiy²

¹,² Federal State Budgetary Educational Institution of Higher Education «MIREA – Russian Technological University» (Moscow, Russia)
¹ shishkin_nv@mail.ru, ² kamenskijaleksej@gmail.com

Abstract:

As the number of Internet users grows, so does the volume of potential leaks of confidential information caused by cyber attacks on web applications. Developing more advanced methods of preventive protection against this type of threat therefore remains an urgent problem.

Goal. To develop a generalized representation of an automated system for testing websites for SQL injection vulnerabilities.

A comparative analysis of SQL injection detection methods has been carried out and their disadvantages have been identified. Possible actions of an attacker are presented in a generalized form, and informative signs of attacks are identified and systematized. An approach to formalizing the testing system model is proposed, based on a generalized representation of a web application.

The results of the study can be used to develop SQL injection testing algorithms that take into account various types of injections, validation mechanisms, and web application features. The model proposed in the study makes it possible to develop effective testing strategies that optimize the ratio between the completeness of vulnerability coverage and the computational complexity of the testing process.

Pages: 44-51
For citation

Shishkin N.V., Kamenskiy A.A. Approaches to developing a model of system for testing websites for vulnerabilities «malicious code injection». Dynamics of complex systems. 2025. V. 19. № 4. P. 44−51. DOI: 10.18127/j19997493-202504-05 (in Russian).

Date of receipt: 30.07.2025
Approved after review: 14.08.2025
Accepted for publication: 10.09.2025