Appendix to Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing

This appendix contains the detailed results of our case study performed in the context of our article "Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing", published in the Journal of Software Testing, Verification and Reliability. For each web application investigated, one table exists, provided as a separate PDF file. In each of these tables, the results are grouped by endpoint. For each investigated approach, we list the total number of submitted vectors, the number of injected vectors and the injection rate, the amount of executed vectors and the execution rate, and the total time required to submit the attack vectors and evaluate the responses. Please note that no false positive endpoints are listed for WAVSEP. Furthermore, some entries for the execution rate may be displayed as 0.00 despite some vectors having been executed; this is merely a consequence of rounding.