{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T05:36:42Z","timestamp":1760852202045},"publisher-location":"Berlin, Heidelberg","reference-count":20,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540317784"},{"type":"electronic","value":"9783540317791"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11663812_7","type":"book-chapter","created":{"date-parts":[[2006,1,20]],"date-time":"2006-01-20T07:57:08Z","timestamp":1137743828000},"page":"124-145","source":"Crossref","is-referenced-by-count":129,"title":["Defending Against Injection Attacks Through Context-Sensitive String Evaluation"],"prefix":"10.1007","author":[{"given":"Tadeusz","family":"Pietraszek","sequence":"first","affiliation":[]},{"given":"Chris Vanden","family":"Berghe","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"Anley, C.: Advanced SQL Injectio. In: SQL Server Applications. Technical report, NGSSoftware Insight Security Research (2002)"},{"key":"7_CR2","unstructured":"Anley, C. (more) Advanced SQL Injection. Technical report, NGSSoftware Insight Security Research (2002)"},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"S. Boyd","year":"2004","unstructured":"Boyd, S., Keromytis, A.: SQLrand: Preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol.\u00a03089, pp. 292\u2013302. Springer, Heidelberg (2004)"},{"key":"7_CR4","volume-title":"Perl DBI","author":"A. Descartes","year":"2000","unstructured":"Descartes, A., Bunce, T.: Perl DBI. O\u2019Reilly, Sebastopol (2000)"},{"key":"7_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/BFb0053381","volume-title":"ECOOP \u201997 - Object-Oriented Programming","author":"G. Kiczales","year":"1997","unstructured":"Kiczales, G., Lamping, J., Menhdhekar, A., Maeda, C., Lopes, C., Loingtier, J.M., Irwin, J.: Aspect-Oriented Programming. In: Aksit, M., Matsuoka, S. (eds.) ECOOP 1997. LNCS, vol.\u00a01241, pp. 220\u2013242. Springer, Heidelberg (1997)"},{"key":"7_CR6","unstructured":"Larson, E., Austin, T.: High coverage detection of input-related security faults. In: Proceedings of the 12th USENIX Security Symposium, Washington DC, USENIX, pp. 121\u2013136 (2003)"},{"key":"7_CR7","unstructured":"Lim, J.: ADOdb Database Abstraction Library for PHP (and Python) (2000\u20132004), Web page at \n \n http:\/\/adodb.sourceforge.net"},{"key":"7_CR8","unstructured":"Maor, O., Shulman, A.: SQL Injection Signatures Evasion. Technical report, Imperva Application Defense Center (2004)"},{"key":"7_CR9","unstructured":"Meijer, E., Schulte, W., Bierman, G.: Unifying tables, objects and documents. In: Workshop on Declarative Programming in the Context of OO Languages (DP-COOL 2003), Uppsala, Sweeden, pp. 145\u2013166 (2003)"},{"key":"7_CR10","unstructured":"MITRE: Common Vulnerabilites and Exposures (1999\u20132004), Web page at \n \n http:\/\/cve.mitre.org"},{"key":"7_CR11","unstructured":"NIST: ICAT Metabase (2000\u20132004), Web page at \n \n http:\/\/icat.nist.gov\/"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Ollmann, G.: HTML Code Injection and Cross-site Scripting. Technical report, Gunter Ollmann (2002)","DOI":"10.1016\/S1353-4858(02)10011-0"},{"key":"7_CR13","unstructured":"Ollmann, G.: Second-order Code Injection Attacks. Technical report, NGSSoftware Insight Security Research (2004)"},{"key":"7_CR14","unstructured":"PHP Group, T.: PHP Hypertext Preprocessor (2001\u20132004), Web page at \n \n http:\/\/www.php.net"},{"key":"7_CR15","unstructured":"phpBB Group, T.: phpBB.com (2001\u20132004), Web page at \n \n http:\/\/www.phpbb.com"},{"key":"7_CR16","unstructured":"SecurityFocus: BugTraq (1998\u20132004), Web page at \n \n http:\/\/www.securityfocus.com\/bid"},{"key":"7_CR17","unstructured":"Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th USENIX Security Symposium, Washington DC, USENIX, pp. 257\u2013272 (2001)"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Stamey, J.W., Saunders, B.T., Cameron, M.: Aspect Oriented PHP (AOPHP) (2004\u20132005), Web page at \n \n http:\/\/www.aophp.net","DOI":"10.1145\/1166324.1166371"},{"key":"7_CR19","unstructured":"Valgrind Developers: Valgrind (2000\u20132005), Web page at \n \n http:\/\/valgrind.org"},{"key":"7_CR20","volume-title":"Programming Perl","author":"L. Wall","year":"2000","unstructured":"Wall, L., Christiansen, T., Orwant, J.: Programming Perl. O\u2019Reilly, Sebastopol (2000)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11663812_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T14:16:44Z","timestamp":1558275404000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11663812_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540317784","9783540317791"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/11663812_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}