{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:56:17Z","timestamp":1742914577998,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030708801"},{"type":"electronic","value":"9783030708818"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-70881-8_6","type":"book-chapter","created":{"date-parts":[[2021,2,26]],"date-time":"2021-02-26T05:18:27Z","timestamp":1614316707000},"page":"82-99","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Developer-Proof Prevention of SQL Injections"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9880-2401","authenticated-orcid":false,"given":"Judica\u00ebl","family":"Courant","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,2,27]]},"reference":[{"key":"6_CR1","unstructured":"Hibernate project. http:\/\/hibernate.org\/"},{"key":"6_CR2","unstructured":"jOOQ website. https:\/\/www.jooq.org\/"},{"key":"6_CR3","unstructured":"Querydsl website. http:\/\/www.querydsl.com\/"},{"issue":"4","key":"6_CR4","first-page":"235","volume":"I","author":"K Ahmad","year":"2010","unstructured":"Ahmad, K., Shekhar, J., Yadav, K.: Classification of SQL injection attacks. VSRD Tech. Non-Techn. J. I(4), 235\u2013242 (2010)","journal-title":"VSRD Tech. Non-Techn. J."},{"key":"6_CR5","unstructured":"Bergmann, S., Blankerts, A., Priebsch, S.: Why magic quotes are gone in PHP 7, August 2017. https:\/\/thephp.cc\/news\/2017\/08\/why-magic-quotes-are-gone-in-php7"},{"key":"6_CR6","doi-asserted-by":"crossref","unstructured":"Buehrer, G.T., Weide, B.W., Sivilotti, P.A.G.: Using parse tree validation to prevent SQL injection attacks. In: Proceedings of the International Workshop on Software Engineering and Middleware (SEM) at Joint FSE and ESEC, pp. 106\u2013113 (2005)","DOI":"10.1145\/1108473.1108496"},{"key":"6_CR7","unstructured":"Courant, J.: Sqltrees: a secure, developper-proof, java library for querying SQL databases (2020). https:\/\/github.com\/Orange-Cyberdefense\/sqltrees"},{"key":"6_CR8","unstructured":"Dahse, J., Holz, T.: Static detection of second-order vulnerabilities in web applications. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20\u201322 August 2014, pp. 989\u20131003. USENIX Association (2014). https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/dahse"},{"key":"6_CR9","unstructured":"Eder, L.: Never concatenate strings with jOOQ. jOOQ blog, March 2020. https:\/\/blog.jooq.org\/2020\/03\/04\/never-concatenate-strings-with-jooq\/"},{"key":"6_CR10","unstructured":"Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Professional Computing Series, Pearson Education (1994)"},{"key":"6_CR11","unstructured":"Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures. In: Proceedings of the International Symposium on Secure Software Engineering, Washington, D.C., USA, March 2006"},{"key":"6_CR12","unstructured":"Karwin, B.: SQL injection myths and fallacies (2012). https:\/\/www.percona.com\/sites\/default\/files\/WEBINAR-SQL-Injection-Myths.pdf"},{"key":"6_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-642-27375-9_11","volume-title":"Theory of Security and Applications","author":"Z Luo","year":"2012","unstructured":"Luo, Z., Rezk, T., Serrano, M.: Automated code injection prevention for web applications. In: M\u00f6dersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 186\u2013204. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-27375-9_11"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"McClure, R.A., Kruger, I.H.: SQL DOM: compile time checking of dynamic SQL statements. In: Proceedings. 27th International Conference on Software Engineering, ICSE 2005, pp. 88\u201396 (2005)","DOI":"10.1145\/1062455.1062487"},{"key":"6_CR15","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1016\/0022-0000(78)90014-4","volume":"17","author":"R Milner","year":"1978","unstructured":"Milner, R.: A theory of type polymorphism in programming. J. Comput. Syst. Sci. 17, 348\u2013375 (1978)","journal-title":"J. Comput. Syst. Sci."},{"key":"6_CR16","unstructured":"OWASP project: SQL injection prevention cheat sheet (2020). https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SQL_Injection_Prevention_Cheat_Sheet.html"},{"key":"6_CR17","unstructured":"Puppy, R.F.: NT web technology vulnerabilities. Phrack Mag. 8(54) (1998). http:\/\/phrack.org\/issues\/54\/8.html"},{"key":"6_CR18","unstructured":"van der Stock, A., Glass, B., Smithline, N., Gigler, T.: OWASP Top 10 (2017). https:\/\/web.archive.org\/web\/20200406122129\/owasp.org\/www-pdf-archive\/OWASP_Top_10-2017_(en).pdf.pdf"},{"key":"6_CR19","doi-asserted-by":"publisher","unstructured":"Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. In: Morrisett, J.G., Jones, S.L.P. (eds.) Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, Charleston, South Carolina, USA, pp. 372\u2013382. ACM (2006). https:\/\/doi.org\/10.1145\/1111037.1111070","DOI":"10.1145\/1111037.1111070"},{"key":"6_CR20","unstructured":"Sun, S.T., Wei, T.H., Liu, S., Lau, S.: Classification of SQL injection attacks. University of Columbia, Term Project (2007). https:\/\/courses.ece.ubc.ca\/cpen442\/term_project\/reports\/2007-fall\/Classification_of_SQL_Injection_Attacks.pdf"},{"key":"6_CR21","unstructured":"Wikipedia, The Free Encyclopedia: Embedded SQL, March 2020"},{"key":"6_CR22","unstructured":"Wikipedia, The Free Encyclopedia: SQL Reserved Words, March 2020"},{"key":"6_CR23","unstructured":"Wikipedia, The Free Encyclopedia: SQLJ, March 2020"},{"key":"6_CR24","unstructured":"Wall, K., Seil, M.: The OWASP enterprise security API. https:\/\/web.archive.org\/web\/20200331100823\/owasp.org\/www-project-enterprise-security-api\/"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-70881-8_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,2,26]],"date-time":"2021-02-26T05:29:26Z","timestamp":1614317366000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-70881-8_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030708801","9783030708818"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-70881-8_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"27 February 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Montreal, QC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-symposium.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"48% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to the Corona pandemic this event was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}