SQL injection is a well-known threat to web applications that can severely damage the confidentiality and integrity of information in databases. It is therefore essential for every web application to detect SQL injection vulnerabilities and eliminate the hidden danger. In this paper, an approach based on penetration testing, named YUKIER, is proposed to identify security vulnerabilities more effectively and precisely. We compare YUKIER with SQLiX and Paros Proxy, and the experimental results demonstrate that our proposed approach performs better than these existing tools.