Abstract:
Web application vulnerabilities allow attackers to perform malicious actions ranging from gaining unauthorised access to obtaining sensitive data. Improper input validation and sanitization are the common cause of most of them, and the SQL injection attack (SQLIA) is the best-known attack that exploits improper input validation and sanitization. To mitigate the problem, we propose a new approach to developing a reliable automatic black-box testing scanner for detecting SQL injection vulnerabilities, SQLIVD (SQL Injection Vulnerability Detector). Our SQLiV detection approach is based on the rejection page and on structural similarity algorithms that compute the structural similarity between the rejection page and its corresponding injection page; the proposed approach is able to minimize the false positive and false negative detection rates. The proposed scanner demonstrated the effectiveness of our approach compared to the most popular web application scanners in the field.
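As an added illustration of the structural-similarity idea described above (example code written for this page, not the authors' SQLIVD implementation), the block below compares the tag skeleton of a "rejection page" (the response to input the application refuses) with the tag skeleton of an "injection page" (the response to a test probe) and flags a potential vulnerability when the two structures diverge. The decision rule, the use of Python's `difflib` tag-sequence ratio as the similarity measure, the 0.9 threshold and the three sample HTML responses are all assumptions made for this example; the abstract does not specify them.

```python
"""
Added example, not the paper's code: a structural-similarity comparator of the
kind a rejection-page based black-box SQLi detector could use. Assumptions:
the scanner already holds the HTTP response bodies, tag-sequence similarity
(difflib ratio) is the structural measure, and the threshold is illustrative.
"""
from difflib import SequenceMatcher
from html.parser import HTMLParser


class TagSequenceExtractor(HTMLParser):
    """Collect the ordered sequence of start/end tags, discarding text content."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(f"<{tag}>")

    def handle_endtag(self, tag):
        self.tags.append(f"</{tag}>")


def tag_sequence(html):
    """Return the document's tag skeleton, e.g. ['<html>', '<head>', ...]."""
    parser = TagSequenceExtractor()
    parser.feed(html)
    parser.close()
    return parser.tags


def structural_similarity(html_a, html_b):
    """Similarity in [0, 1] between the two tag skeletons; echoed text is ignored."""
    return SequenceMatcher(None, tag_sequence(html_a), tag_sequence(html_b)).ratio()


def classify_response(rejection_html, injection_html, threshold=0.9):
    """True (potential SQLi) when the injection response's structure departs
    from the rejection page's structure; the threshold is an assumed value."""
    return structural_similarity(rejection_html, injection_html) < threshold


# Constructed sample responses (not captured from any real application).
# Rejection page: the login form re-rendered with an error message.
REJECTION_PAGE = """<html><head><title>Login</title></head><body>
<div class="box"><form method="post" action="/login">
<input name="user"><input name="pass" type="password"><button>Sign in</button></form>
<p class="msg">Invalid username or password for 'x7Qz!!'</p></div></body></html>"""

# Probe handled safely: same skeleton, the echoed value merely wrapped in a span.
HANDLED_PAGE = """<html><head><title>Login</title></head><body>
<div class="box"><form method="post" action="/login">
<input name="user"><input name="pass" type="password"><button>Sign in</button></form>
<p class="msg">Invalid username or password for <span>[probe]</span></p></div></body></html>"""

# Probe not handled: the application returns a different page altogether.
ERROR_PAGE = """<html><head><title>Error</title></head><body>
<h1>Database error</h1><pre>[constructed placeholder error text]</pre></body></html>"""


if __name__ == "__main__":
    for name, page in (("handled", HANDLED_PAGE), ("error", ERROR_PAGE)):
        sim = structural_similarity(REJECTION_PAGE, page)
        print(f"{name}: similarity={sim:.3f} flagged={classify_response(REJECTION_PAGE, page)}")
```

Comparing tag skeletons rather than raw text is what keeps the false positive rate down: a page that echoes the submitted value back differs textually on every request but keeps the same structure, so it is not flagged, while a response that abandons the normal template scores low and is reported for review. Lowering the threshold reduces false positives at the cost of missing subtler structural changes; raising it does the reverse, which is the false positive/false negative trade-off the abstract refers to.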