Cybersecurity News

A research team has introduced ART4SQLi, a new adaptive random testing method designed to improve the efficiency of SQL injection (SQLi) vulnerability detection in penetration testing. ART4SQLi prioritizes promising SQLi payloads by decomposing them into tokens, converting them into feature vectors, and selecting the most dissimilar ones for testing. Evaluations on benchmarks such as Web for Pentester, DVWA 2014, and MCIR-SQLol showed that ART4SQLi reduced the number of payloads needed to detect vulnerabilities by up to 28.38%, with only a modest 3.94% increase in computational overhead. The approach also revealed that successful SQLi payloads cluster sparsely, supporting its adaptive strategy. The researchers acknowledged some limitations but emphasized ART4SQLi's potential for practical penetration testing.
