Although a lot of researchers have been focusing on detecting SQL injection vulnerabilities in web application, still there are still open issues that need to be highlighted (Lei et al., 2013)(Bozic & Wotawa, 2014a)(Shar & Tan, 2013). As explained in the prob-lem background, because of generating the test input manually, it is often incompleteness and prone to error,. tTherefore, by generating the test input automatically, it can be used to mitigate the issue. However there hasve been littlfew approaches that allow for generating sufficient test input as well as for automated test input generation. Thus, the first issue being focused on is regarding techniques or approaches that will be applied, for generat-ing test input efficiently and accurately, in order to achieve the improvement of test coverage and efficiency of the test input generation.

Another problem thato considered in this research is the automatic creation and analysis of test results. In software testing, it is important to prepare expected test results or test output, to help determine whether the application behaves correctly. Even though testers can generate an expected test result for each specific test input but, it is tedious for testers to generate expected test outputs for a large number of test inputs. After executing the application, the analysis of test results will be per-formed for checking whether the actual outputs of the applications under the test isare equivalent to the expected output. The main objective is to analyse all test results, and the problem here is to assign all the test results with appropriate severity, based on class, whether high, moderate andor low. Although this is a task that has been done before in software testing, but this is considered are new approaches for classifying se-verity classes for SQL injection vulnerability. Thus the goal of this research is to de-velop a model for detecting vulnerabilities during testing, by improving two research efforts: a) develop a technique to automatically generate test inputs b) develop a technique to automatically analysise test results.