Abstract:SQL injection vulnerability has been the one of the most problems that threaten Web application security. Among them, second-order SQL injection vulnerabilities are more subtle and destructive than the first-order one, and the detection usually depends on the tester’s prior knowledge and experience. At present, in the Black-Box Testing scenario, there is no effective detection method for the second-order vulnerability yet. Utilizing the idea of model-based test case generation, in this study, a Test suite Generation method based on a Client Behavior Model (CBMTG) is proposed to get a test suite capable of detecting second-order SQL injection vulnerabilities in Web applications. In the CBMTG, firstly, the mapping relationship between transitions and SQL statements is established through the execution of the initial test suite. Then, the topological relationship between transitions is established through the field analysis of the SQL statements. Finally, the final test suite is generated under the guidance of the topological relationship. The experimental results show that the method in this study performs better in most Web application than the state-of-the-art second-order SQL injection vulnerability detection methods.