<p>Web application vulnerabilities enable attackers to perform malicious activities that can cause huge losses to users. Web application vulnerability scanners are automated black-box testing tools that identify the vulnerabilities present in a web application. These scanners have gained popularity over time because they can detect weaknesses in the application architecture without access to the source code of the target web applications. However, scanners have their own limitations as well. This paper analyzes the ability of web application vulnerability scanners to detect SQL injection: we test a set of three open-source scanners against a set of custom-built test samples covering various categories of SQL injection.</p>
S. Jose, Priyadarshini, K., and Abirami K., “An Analysis of Black-Box Web Application Vulnerability Scanners in SQLi Detection”, Proceedings of the International Conference on Soft Computing Systems. Springer India, New Delhi, 2016.