{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T13:59:20Z","timestamp":1725544760175},"publisher-location":"Berlin, Heidelberg","reference-count":14,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642117466"},{"type":"electronic","value":"9783642117473"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-11747-3_15","type":"book-chapter","created":{"date-parts":[[2010,1,25]],"date-time":"2010-01-25T01:03:02Z","timestamp":1264381382000},"page":"192-200","source":"Crossref","is-referenced-by-count":6,"title":["Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks"],"prefix":"10.1007","author":[{"given":"Ben","family":"Smith","sequence":"first","affiliation":[]},{"given":"Laurie","family":"Williams","sequence":"additional","affiliation":[]},{"given":"Andrew","family":"Austin","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Halfond, W.G.J., Orso, A.: AMNESIA: analysis and monitoring for neutralizing SQL-injection attacks. In: 20th IEEE\/ACM International Conference on Automated Software Engineering, Long Beach, CA, USA, pp. 174\u2013183 (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"15_CR2","doi-asserted-by":"crossref","unstructured":"Kosuga, Y., Kono, K., Hanaoka, M., Hishiyama, M., Takahama, Y.: Sania: syntactic and semantic analysis for automated testing against SQL injection. In: 23rd Annual Computer Security Applications Conference, Miami Beach, FL, pp. 107\u2013117 (2007)","DOI":"10.1109\/ACSAC.2007.20"},{"key":"15_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/11663812_7","volume-title":"Recent Advances in Intrusion Detection","author":"T. Pietraszek","year":"2006","unstructured":"Pietraszek, T., Berghe, C.V.: Defending against injection attacks through context-sensitive string evaluation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 124\u2013145. Springer, Heidelberg (2006)"},{"key":"15_CR4","unstructured":"Aslam, T., Krsul, I., Spafford, E.: Use of a taxonomy of security faults. In: 19th National Information Systems Security Conference, Baltimore, MD, pp. 551\u2013560 (1996)"},{"key":"15_CR5","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/MSP.2005.159","volume":"3","author":"K. Tsipenyuk","year":"2005","unstructured":"Tsipenyuk, K., Chess, B., McGraw, G.: Seven pernicious kingdoms: a taxonomy of software security errors. IEEE Security & Privacy\u00a03, 81\u201384 (2005)","journal-title":"IEEE Security & Privacy"},{"key":"15_CR6","unstructured":"IEEE: IEEE Standard 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology (1990)"},{"key":"15_CR7","volume-title":"Test-driven development: By example","author":"K. Beck","year":"2003","unstructured":"Beck, K.: Test-driven development: By example. Addison-Wesley, Boston (2003)"},{"key":"15_CR8","volume-title":"Software security: Building security in","author":"G. McGraw","year":"2006","unstructured":"McGraw, G.: Software security: Building security in. Addison-Wesley, Upper Saddle River (2006)"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Smith, B., Shin, Y., Williams, L.: Proposing SQL statement coverage metrics. In: The 4th International Workshop on Software Engineering for Secure Systems at the 30th International Conference on Software Engineering, Leipzig, Germany, pp. 49\u201356 (2008)","DOI":"10.1145\/1370905.1370912"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Jiang, Y., Cukic, B., Menzies, T.: Fault Prediction using Early Lifecycle Data. In: The 18th IEEE International Symposium on Software Reliability, 2007. ISSRE 2007, pp. 237\u2013246 (2007)","DOI":"10.1109\/ISSRE.2007.24"},{"key":"15_CR11","unstructured":"Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in Java applications with static analysis. In: USENIX Security Symposium, Baltimore, MD, pp. 18\u201318 (2005)"},{"key":"15_CR12","unstructured":"Bauer, C., King, G.: Hibernate in Action. Manning Publications (2004)"},{"key":"15_CR13","unstructured":"Brown, M., Tapolcsanyi, E.: Mock object patterns. In: The 10th Conference on Pattern Languages of Programs, Monticello, USA (2003)"},{"key":"15_CR14","doi-asserted-by":"crossref","unstructured":"Thomas, S., Williams, L.: Using automated fix generation to secure SQL statements. In: Proceedings of the Third International Workshop on Software Engineering for Secure Systems, Minneapolis, MN (2007)","DOI":"10.1109\/SESS.2007.12"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-11747-3_15.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T11:57:06Z","timestamp":1619783826000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-11747-3_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642117466","9783642117473"],"references-count":14,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-11747-3_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}