{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T20:32:16Z","timestamp":1725481936675},"publisher-location":"Boston, MA","reference-count":25,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9780387327204"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-0-387-44599-1_5","type":"book-chapter","created":{"date-parts":[[2007,3,4]],"date-time":"2007-03-04T10:35:08Z","timestamp":1173004508000},"page":"85-109","source":"Crossref","is-referenced-by-count":8,"title":["Detection and Prevention of SQL Injection Attacks"],"prefix":"10.1007","author":[{"given":"William G. J.","family":"Halfond","sequence":"first","affiliation":[]},{"given":"Alessandro","family":"Orso","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"C. Anley. Advanced SQL Injection In SQL Server Applications. White paper, Next Generation Security Software Ltd., 2002."},{"key":"5_CR2","unstructured":"C. Anley. (more) Advanced SQL Injection. White paper, Next Generation Security Software Ltd., 2002."},{"key":"5_CR3","unstructured":"D. Aucsmith. Creating and maintaining software that resists malicious attack. http:\/\/www.gtisc.gatech.edu\/aucsmith-bio.htm, September 2004. Distinguished Lecture Series."},{"key":"5_CR4","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"Stephen W. Boyd","year":"2004","unstructured":"S. W. Boyd and A. D. Keromytis. SQLrand: Preventing SQL injection attacks. In Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference, pages 292\u2013302, June 2004."},{"key":"5_CR5","first-page":"1","volume-title":"Static Analysis","author":"Aske Simon Christensen","year":"2003","unstructured":"A. S. Christensen, A. M\u00f8ller, and M. I. Schwartzbach. 
Precise analysis of string expressions. In Proc. 10th International Static Analysis Symposium, SAS\u2019 03, volume 2694 of LNCS, pages 1\u201318. Springer-Verlag, June 2003. Available from http:\/\/www.brics.dk\/JSA\/."},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"W. R. Cook and S. Rai. Safe Query Objects: Statically Typed Objects as Remotely Executable Queries. In Proceedings of the 27th International Conference on Software Engineering (ICSE 2005), 2005.","DOI":"10.1145\/1062455.1062488"},{"key":"5_CR7","unstructured":"T. O. Foundation. Top ten most critical web application vulnerabilities, 2005. http:\/\/www.owasp.org\/documentation\/topten.html."},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"C. Gould, Z. Su, and P. Devanbu. Static Checking of Dynamically Generated Queries in Database Applications. In Proceedings of the 26th International Conference on Software Engineering (ICSE 04), pages 645\u2013654,2004.","DOI":"10.1109\/ICSE.2004.1317486"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"W. G. Halfond and A. Orso. AMNESIA: Analysis and Monitoring for NEutralizing SQLInjection Attacks. In Proceedings of the IEEE and ACM International Conference on Automated Software Engineering (ASE 2005), Long Beach, CA, USA, Nov 2005.","DOI":"10.1145\/1101908.1101935"},{"key":"5_CR10","unstructured":"W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Counter Techniques. Technical report, Georgia Institute of Technology, August 2005."},{"key":"5_CR11","volume-title":"Writing Secure Code","author":"M. Howard","year":"2003","unstructured":"M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, Redmond, Washington, second edition, 2003.","edition":"second edition"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Y. Huang, S. Huang, T. Lin, and C. Tsai. Web Application Security Assessment by Fault Injection and Behavior Monitoring. 
In Proceedings of the 11th International World Wide Web Conference (WWW 03), May 2003.","DOI":"10.1145\/775152.775174"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Y. Huang, F. Yu, C. Hang, C. H. Tsai, D. T. Lee, and S. Y. Kuo. Securing Web Application Code by Static Analysis and Runtime Protection. In Proceedings of the 12th International World Wide Web Conference (WWW 04), May 2004.","DOI":"10.1145\/988672.988679"},{"key":"5_CR14","unstructured":"V. B. Livshits and M. S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. In Usenix Security Symposium, August 2005."},{"key":"5_CR15","unstructured":"O. Maor and A. Shulman. SQL Injection Signatures Evasion. White paper, Imperva, April 2004. http:\/\/www.imperva.com\/application_defense_center\/ whiteqapers\/sql-injecti_n_signatures_evasion.html."},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"M. Martin, V. B. Livshits, and M. S. Lam. Finding Application Errors and Security Flaws Using PQL: a Program Query Language. In Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), October 2005.","DOI":"10.1145\/1094811.1094840"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"R. McClure and I. Kr\u00fcger. SQL DOM: Compile Time Checking of Dynamic SQL Statements. In Proceedings of the 27th International Conference on Software Engineering (ICSE 05), pages 88\u201396,2005.","DOI":"10.1145\/1062455.1062487"},{"key":"5_CR18","unstructured":"S. McDonald. SQL Injection: Modes of attack, defense, and why it matters. White paper, GovernmentSecurity.org, April 2002. http:\/\/www.governmentsecurity.org\/articles\/SQLInjectionModesofAttackDefenceandWhyItMatters.php."},{"key":"5_CR19","unstructured":"S. McDonald. SQL Injection Walkthrough. White paper, SecuriTeam, May 2002. http:\/\/www.securiteam.com\/securityreviews\/5DPONlP76E.html."},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"A. 
Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically Hardening Web Applications Using Precise Tainting Information. In Twentieth IFIP International Information Security Conference (SEC 2005), May 2005.","DOI":"10.21236\/ADA436667"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"T. Pietraszek and C. V. Berghe. Defending Against Injection Attacks through Context-Sensitive String Evaluation. In Proceedings of Recent Advances in Intrusion Detection (RAID2005), 2005.","DOI":"10.1007\/11663812_7"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"D. Scott and R. Sharp. Abstracting Application-level Web Security. In Proceedings of the 11th International Conference on the World Wide Web (WWW 2002), pages 396\u2013407, 2002.","DOI":"10.1145\/511446.511498"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"A. Seesing and A. Orso. InsECTJ: A Generic Instrumentation Framework for Collecting Dynamic Information within Eclipse. In Proceedings of the eclipse Technology exchange (eTX) Workshop at OOPSLA 2005, pages 49\u201353, San Diego, USA, October 2005.","DOI":"10.1145\/1117696.1117706"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"F. Valeur, D. Mutz, and G. Vigna. A Learning-Based Approach to the Detection of SQL Attacks. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Vienna, Austria, July 2005.","DOI":"10.1007\/11506881_8"},{"key":"5_CR25","unstructured":"G. Wassermann and Z. Su. An Analysis Framework for Security in Web Applications. 
In Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004), pages 70\u201378,2004."}],"container-title":["Advances in Information Security","Malware Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-44599-1_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T22:00:36Z","timestamp":1619560836000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-44599-1_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9780387327204"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-44599-1_5","relation":{},"subject":[]}}