{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,1]],"date-time":"2025-06-01T04:13:00Z","timestamp":1748751180603,"version":"3.41.0"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319269603"},{"type":"electronic","value":"9783319269610"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26961-0_12","type":"book-chapter","created":{"date-parts":[[2015,12,16]],"date-time":"2015-12-16T13:07:52Z","timestamp":1450271272000},"page":"192-206","source":"Crossref","is-referenced-by-count":1,"title":["SQLshield: Preventing SQL Injection Attacks by Modifying User Input Data"],"prefix":"10.1007","author":[{"given":"Punit","family":"Mehta","sequence":"first","affiliation":[]},{"given":"Jigar","family":"Sharda","sequence":"additional","affiliation":[]},{"given":"Manik Lal","family":"Das","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,31]]},"reference":[{"key":"12_CR1","unstructured":"The Open Web Application Security Project (OWASP), OWASP top 10 web application security risks in year (2013). https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10"},{"key":"12_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"SW Boyd","year":"2004","unstructured":"Boyd, S.W., Keromytis, A.D.: SQLrand: preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 292\u2013302. Springer, Heidelberg (2004)"},{"issue":"2","key":"12_CR3","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1698750.1698754","volume":"13","author":"P Bisht","year":"2010","unstructured":"Bisht, P., Madhusudan, P., Venkatakrishnan, V.N.: CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks. ACM Trans. Inf. Syst. Secur. 13(2), 1\u201339 (2010)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Bisht, P., Sistla, A.P., Venkatakrishnan, V.N.: TAPS: automatically preparing safe SQL queries. In: Proceedings of the International Conference on Financial Cryptography and Data Security, pp. 272\u2013288 (2010)","DOI":"10.1007\/978-3-642-14577-3_21"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Buehrer, G., Weide, B.W., Sivilotti, P.A.: Using parse tree validation to prevent SQL injection attacks. In: Proceedings of the International Workshop on Software Engineering and Middleware, pp. 106\u2013113 (2005)","DOI":"10.1145\/1108473.1108496"},{"issue":"3\u20134","key":"12_CR6","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1016\/j.cose.2008.09.005","volume":"28","author":"D Mitropoulos","year":"2009","unstructured":"Mitropoulos, D., Spinellis, D.: SDriver: Location-specific signatures prevent SQL injection attacks. J. Comput. Secur. 28(3\u20134), 121\u2013129 (2009)","journal-title":"J. Comput. Secur."},{"key":"12_CR7","unstructured":"General SQL parser implemented in JAVA. http:\/\/www.sqlparser.com\/products.php"},{"key":"12_CR8","volume-title":"SQL Injection Attacks and Defense","author":"J Clarke","year":"2012","unstructured":"Clarke, J.: SQL Injection Attacks and Defense, vol. 2. Elsevier publisher, USA (2012)"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Halfond, W.G., Orso, A.: Combining static analysis and runtime monitoring to counter SQL-injection attacks. In: Proceedings of the Third International Workshop on Dynamic Analysis, pp. 22\u201328 (2005)","DOI":"10.1145\/1083246.1083250"},{"key":"12_CR10","unstructured":"Martin, M., Lan, M.S.: Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In: Proceedings of the Conference on Security Symposium, pp. 31\u201343 (2008)"},{"key":"12_CR11","unstructured":"Halfond, W.G., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures. In: Proceedings of the IEEE International Symposium on Secure Software Engineering (2006)"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"McClure, R., Kruger, I.: SQL DOM: compile time checking of dynamic SQL statements. In: Proceedings of the International Conference on Software Engineering (ICSE 05), pp 88\u201396 (2005)","DOI":"10.1145\/1062455.1062487"},{"key":"12_CR13","unstructured":"McDonald, S.: SQL Injection: Modes of attack, defense, and why it matters. White paper (2002). GovernmentSecurity.org"},{"key":"12_CR14","volume-title":"Advanced SQL Injection In SQL Server Applications","author":"C Anley","year":"2002","unstructured":"Anley, C.: Advanced SQL Injection In SQL Server Applications. Next Generation Security Software Ltd., White paper (2002)"},{"key":"12_CR15","unstructured":"McDonald, S.: SQL Injection Walkthrough. White paper, SecuriTeam, May 2002. http:\/\/www.securiteam.com\/securityreviews\/5DP0N1P76E.html"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Antunes, N., Laranjeiro, N., Vieira, M., Madeira, H.: Effective detection of SQL\/XPath injection vulnerabilities in web services. In: Proceedings of IEEE International Conference on Services Computing (SCC 2009), pp. 260\u2013267. IEEE (2009)","DOI":"10.1109\/SCC.2009.23"},{"issue":"3","key":"12_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2187671.2187673","volume":"44","author":"H Shahriar","year":"2012","unstructured":"Shahriar, H., Zulkernine, M.: Mitigating program security vulnerabilities: approaches and challenges. ACM Comput. Surv. 44(3), 1\u201346 (2012). Article 11","journal-title":"ACM Comput. Surv."},{"key":"12_CR18","unstructured":"Gould, C., Su, Z., Devanbu, P.: JDBC Checker: a static analysis tool for SQL\/JDBC applications. In: Proceedings of the International Conference on Software Engineering (ICSE 2004) - Formal Demos, pp. 697\u2013698 (2004)"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Gould, C., Su, Z., Devanbu, P.: Static checking of dynamically generated queries in database applications. In: Proceedings of the International Conference on Software Engineering (ICSE 2004), pp. 645\u2013654 (2004)","DOI":"10.1109\/ICSE.2004.1317486"},{"key":"12_CR20","unstructured":"Maor, O., Shulman, A.: SQL injection signatures evasion. White paper, Imperva (2002)"},{"key":"12_CR21","unstructured":"Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: Proceedings of the USENIX Security Symposium, pp. 179\u2013192 (2006)"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Kiezun, A., Ganesh, V., Guo, P.J., Hooimeijer, P., Ernst, M.D.: Hampi: a solver for string constraints. In: Proceedings of the International Symposium on Software Testing and Analysis, pp. 105\u2013116 (2009)","DOI":"10.1145\/1572272.1572286"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Halfond, W.G., Orso, A.: AMNESIA: analysis and monitoring for neutralizing SQL-injection. In: Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering, pp. 174\u2013183 (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"Valeur, F., Mutz, D., Vigna, G.: A learning-based approach to the detection of SQL attacks. In: Proceedings of the Conference on Detection of Intrusions and Malware Vulnerability Assessment, pp. 123\u2013140 (2005)","DOI":"10.1007\/11506881_8"},{"key":"12_CR25","unstructured":"Baranwal, A.K.: Approaches to detect SQL injection and XSS in web applications. Term Survey paper-EECE 571b, University of British Columbia (2012)"},{"key":"12_CR26","unstructured":"Security Compass. SQL Inject Me. https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/sql-inject-me\/"},{"key":"12_CR27","unstructured":"Larouche, F.: SQL Power Injector. http:\/\/www.sqlpowerinjector.com\/"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26961-0_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T20:20:21Z","timestamp":1748722821000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26961-0_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319269603","9783319269610"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26961-0_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}