{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,23]],"date-time":"2025-02-23T05:15:55Z","timestamp":1740287755840,"version":"3.37.3"},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642145766"},{"type":"electronic","value":"9783642145773"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14577-3_21","type":"book-chapter","created":{"date-parts":[[2010,7,16]],"date-time":"2010-07-16T08:11:34Z","timestamp":1279267894000},"page":"272-288","source":"Crossref","is-referenced-by-count":7,"title":["Automatically Preparing Safe SQL Queries"],"prefix":"10.1007","author":[{"given":"Prithvi","family":"Bisht","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"A. Prasad","family":"Sistla","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"V. N.","family":"Venkatakrishnan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"21_CR1","unstructured":"JDBC: Using a prepared statements, http:\/\/java.sun.com\/docs\/books\/tutorial\/jdbc\/basics\/prepared.html"},{"key":"21_CR2","unstructured":"Symantec Internet Security Threat Report, vol. XI. Technical report, Symantec (March 2007)"},{"key":"21_CR3","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Saner: Composing static and dynamic analysis to validate sanitization in web applications. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 387\u2013401 (2008)","DOI":"10.1109\/SP.2008.22"},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Bandhakavi, S., Bisht, P., Madhusudan, P., Venkatakrishnan, V.N.: Candid: preventing sql injection attacks using dynamic candidate evaluations. In: ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, pp. 12\u201324 (2007)","DOI":"10.1145\/1315245.1315249"},{"key":"21_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"S.W. Boyd","year":"2004","unstructured":"Boyd, S.W., Keromytis, A.D.: SQLrand: Preventing SQL Injection Attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol.\u00a03089, pp. 292\u2013302. Springer, Heidelberg (2004)"},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"Buehrer, G., Weide, B.W., Sivilotti, P.A.G.: Using parse tree validation to prevent sql injection attacks. In: 5th International Workshop on Software Engineering and Middleware, Lisbon, Portugal, pp. 106\u2013113 (2005)","DOI":"10.1145\/1108473.1108496"},{"issue":"4","key":"21_CR7","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1145\/115372.115320","volume":"13","author":"R. Cytron","year":"1991","unstructured":"Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Efficiently computing static single assignment form and the control dependence graph. ACM Transactions on Programming Languages and Systems\u00a013(4), 451\u2013490 (1991)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"21_CR8","doi-asserted-by":"crossref","unstructured":"Dysart, F., Sherriff, M.: Automated fix generator for sql injection attacks. In: ISSRE 2008: Proceedings of the 2008 19th International Symposium on Software Reliability Engineering, Seattle, WA, pp. 311\u2013312 (2008)","DOI":"10.1109\/ISSRE.2008.44"},{"key":"21_CR9","unstructured":"Flak, H.: MYSQL prepared statements, http:\/\/dev.mysql.com\/tech-resources\/articles\/4.1\/prepared-statements.html"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Fu, X., Lu, X., Peltsverger, B., Chen, S., Qian, K., Tao, L.: A static analysis framework for detecting sql injection vulnerabilities. In: International Computer Software and Applications Conference, Beijing, China, pp. 87\u201396 (2007)","DOI":"10.1109\/COMPSAC.2007.43"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Halfond, W.G.J., Orso, A.: AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In: IEEE\/ACM international Conference on Automated Software Engineering, Long Beach, CA, USA, pp. 174\u2013183 (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Halfond, W.G.J., Orso, A., Manolios, P.: Using positive tainting and syntax-aware evaluation to counter sql injection attacks. In: ACM SIGSOFT International Symposium on Foundations of Software Engineering, Portland, Oregon, USA, pp. 175\u2013185 (2006)","DOI":"10.1145\/1181775.1181797"},{"key":"21_CR13","doi-asserted-by":"crossref","unstructured":"Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. In: ACM SIGPLAN 1988 Conference on Programming Language Design and Implementation, Atlanta, Georgia, pp. 35\u201346 (1988)","DOI":"10.1145\/53990.53994"},{"key":"21_CR14","volume-title":"Writing Secure Code","author":"M. Howard","year":"2001","unstructured":"Howard, M., Leblanc, D.: Writing Secure Code. Microsoft Press, Redmond (2001)"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 258\u2013263 (2006)","DOI":"10.1109\/SP.2006.29"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Precise alias analysis for static detection of web application vulnerabilities. In: PLAS 2006: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security, Ottawa, Ontario, Canada, pp. 27\u201336 (2006)","DOI":"10.1145\/1134744.1134751"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Kieyzun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.: Automatic creation of sql injection and cross-site scripting attacks. In: IEEE International Conference on Software Engineering, Vancouver, Canada, pp. 199\u2013209 (2009)","DOI":"10.1109\/ICSE.2009.5070521"},{"issue":"7","key":"21_CR18","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1145\/360248.360252","volume":"19","author":"J.C. King","year":"1976","unstructured":"King, J.C.: Symbolic execution and program testing. Communications of the ACM\u00a019(7), 385\u2013394 (1976)","journal-title":"Communications of the ACM"},{"key":"21_CR19","doi-asserted-by":"crossref","unstructured":"Kosuga, Y., Kono, K., Hanaoka, M., Hishiyama, M., Takahama, Y.: Sania: Syntactic and semantic analysis for automated testing against sql injection. In: Computer Security Applications Conference, Annual, pp. 107\u2013117 (2007)","DOI":"10.1109\/ACSAC.2007.4412981"},{"key":"21_CR20","first-page":"2054","volume-title":"ACM Symposium on Applied Computing","author":"A. Liu","year":"2009","unstructured":"Liu, A., Yuan, Y., Wijesekera, D., Stavrou, A.: Sqlprob: a proxy-based architecture towards preventing sql injection attacks. In: ACM Symposium on Applied Computing, Honolulu, Hawaii, pp. 2054\u20132061. ACM, New York (2009)"},{"key":"21_CR21","unstructured":"Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in java applications with static analysis. In: USENIX Security Symposium, Baltimore, MD, p. 18 (2005)"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Minamide, Y.: Static approximation of dynamically generated web pages. In: International Conference on World Wide Web, Chiba, Japan, pp. 432\u2013441 (2005)","DOI":"10.1145\/1060745.1060809"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically hardening web applications using precise tainting. In: IFIP International Information Security Conference, Chiba, Japan, pp. 295\u2013308 (2005)","DOI":"10.1007\/0-387-25660-1_20"},{"key":"21_CR24","unstructured":"OWASP. The ten most critical web application security vulnerabilities, http:\/\/www.owasp.org"},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Pietraszek, T., Berghe, C.V.: Defending Against Injection Attacks through Context-Sensitive String Evaluation. In: Recent Advances in Intrusion Detection, Seattle, Washington (September 2005)","DOI":"10.1007\/11663812_7"},{"key":"21_CR26","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1145\/1185448.1185564","volume-title":"Annual Southeast Regional Conference","author":"F.S. Rietta","year":"2006","unstructured":"Rietta, F.S.: Application layer intrusion detection for sql injection. In: Annual Southeast Regional Conference, Melbourne, Florida, pp. 531\u2013536. ACM, New York (2006)"},{"key":"21_CR27","unstructured":"Sekar, R.: An efficient black-box technique for defeating web application attacks. In: Network and Distributed Systems Symposium, San Diego, CA (2009)"},{"key":"21_CR28","doi-asserted-by":"crossref","unstructured":"Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. In: ACM Symposium on Principles of Programming Languages, Charleston, South Carolina, USA, pp. 372\u2013382 (2006)","DOI":"10.1145\/1111037.1111070"},{"issue":"3","key":"21_CR29","doi-asserted-by":"publisher","first-page":"589","DOI":"10.1016\/j.infsof.2008.08.002","volume":"51","author":"S. Thomas","year":"2009","unstructured":"Thomas, S., Williams, L., Xie, T.: On automated prepared statement generation to remove sql injection vulnerabilities. Inf. Softw. Technol.\u00a051(3), 589\u2013598 (2009)","journal-title":"Inf. Softw. Technol."},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: Taj: effective taint analysis of web applications. In: PLDI 2009: Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation, Dublin, Ireland, pp. 87\u201397 (2009)","DOI":"10.1145\/1542476.1542486"},{"key":"21_CR31","doi-asserted-by":"crossref","unstructured":"Valeur, F., Mutz, D., Vigna, G.: A Learning-Based Approach to the Detection of SQL Attacks. In: Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Vienna, Austria, pp. 123\u2013140 (July 2005)","DOI":"10.1007\/11506881_8"},{"key":"21_CR32","doi-asserted-by":"crossref","unstructured":"Wassermann, G., Su, Z.: Sound and precise analysis of web applications for injection vulnerabilities. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, San Diego, California, USA, pp. 32\u201341 (2007)","DOI":"10.1145\/1250734.1250739"},{"key":"21_CR33","unstructured":"Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, Vancouver, BC, Canada (2006)"},{"key":"21_CR34","doi-asserted-by":"crossref","unstructured":"Xu, W., Bhatkar, S., Sekar, R.: Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, Vancouver, BC, Canada (2006)","DOI":"10.1109\/SP.2006.12"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14577-3_21.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T23:49:20Z","timestamp":1740268160000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14577-3_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642145766","9783642145773"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14577-3_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}