{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:50:23Z","timestamp":1760586623272},"publisher-location":"Berlin, Heidelberg","reference-count":20,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642341342"},{"type":"electronic","value":"9783642341359"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-34135-9_26","type":"book-chapter","created":{"date-parts":[[2012,9,10]],"date-time":"2012-09-10T08:08:15Z","timestamp":1347264495000},"page":"252-263","source":"Crossref","is-referenced-by-count":6,"title":["Intrusion Protection against SQL Injection and Cross Site Scripting Attacks Using a Reverse Proxy"],"prefix":"10.1007","author":[{"given":"S. Fouzul","family":"Hidhaya","sequence":"first","affiliation":[]},{"given":"Angelina","family":"Geetha","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"26_CR1","unstructured":"Litchfield, D.: Data-mining with SQL Injection and Inference. Next Generation Security software Ltd., White Paper (2005)"},{"key":"26_CR2","doi-asserted-by":"crossref","unstructured":"Huang, Y., Huang, F., Lin, T., Tsai, C.: Web Application Security Assessment by Fault Injection and Behavior Monitoring. In: 12th International World Wide Web Conference 2003, pp. 148\u2013159 (2003)","DOI":"10.1145\/775173.775174"},{"key":"26_CR3","unstructured":"Gould, C., Su, Z., Devanbu, P.: JDBC Checker: A Static Analysis Tool for SQL\/JDBC Application. In: 26th International Conference on Software Engineering 2004, pp. 697\u2013698 (2004)"},{"key":"26_CR4","doi-asserted-by":"crossref","unstructured":"Halfond, W.G., Orso, A.: AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In: 20th IEEE\/ACM International Conference on Automated Software Engineering 2005, pp. 174\u2013183 (2005)","DOI":"10.1145\/1101908.1101935"},{"key":"26_CR5","doi-asserted-by":"crossref","unstructured":"Buehrer, G., Bruce Weide, W., Paolo Sivilotti, A.G.: Using Parse Tree Validation to Prevent SQL Injection Attacks. In: 5th International Workshop on Software Engineering and Middleware, pp. 106\u2013113 (2005)","DOI":"10.1145\/1108473.1108496"},{"key":"26_CR6","doi-asserted-by":"crossref","unstructured":"Su, Z., Wassermann, G.: The Essence of Command Injection Attacks in Web Applications. In: 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages 2006, pp. 372\u2013382 (2006)","DOI":"10.1145\/1111320.1111070"},{"key":"26_CR7","doi-asserted-by":"crossref","unstructured":"Huang, Y., Yu, F., Hang, C., Tsai, C.H., Lee, D.T., Kuo, S.Y.: Securing Web Application Code by Static Analysis and Runtime Protection. In: 13th International World Wide Web Conference 2004, pp. 40\u201352 (2004)","DOI":"10.1145\/988672.988679"},{"key":"26_CR8","unstructured":"Livshits, V.B., Lam, M.S.: Finding Security Errors in Java Programs with Static Analysis. In: 14th Usenix Security Symposium 2005, pp. 271\u2013286 (2005)"},{"key":"26_CR9","doi-asserted-by":"crossref","unstructured":"Scott, D., Sharps, R.: Abstracting Application-level Web Security. In: 11th International Conference on the World Wide Web 2002, pp. 396\u2013407 (2002)","DOI":"10.1145\/511446.511498"},{"key":"26_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24852-1_21","volume-title":"Applied Cryptography and Network Security","author":"S.W. Boyd","year":"2004","unstructured":"Boyd, S.W., Keromytis, A.D.: SQLrand: Preventing SQL Injection Attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol.\u00a03089, pp. 292\u2013302. Springer, Heidelberg (2004)"},{"key":"26_CR11","doi-asserted-by":"publisher","first-page":"1239","DOI":"10.1016\/j.comnet.2006.09.016","volume":"51","author":"L. Kenneth Ingham","year":"2007","unstructured":"Kenneth Ingham, L., Somayaji, A., Burge, J., Forrest, S.: Learning DFA Representations of HTTP for Protecting Web Applications. Computer Networks\u00a051, 1239\u20131255 (2007)","journal-title":"Computer Networks"},{"key":"26_CR12","doi-asserted-by":"crossref","unstructured":"Kemalis, K., Tzouramanis, T.: SQL-IDS: a specification-based approach for SQL-injection detection. In: 2008 ACM Symposium on Applied Computing, pp. 2153\u20132158 (2008)","DOI":"10.1145\/1363686.1364201"},{"key":"26_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-642-11747-3_15","volume-title":"Engineering Secure Software and Systems","author":"B. Smith","year":"2010","unstructured":"Smith, B., Williams, L., Austin, A.: Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol.\u00a05965, pp. 192\u2013200. Springer, Heidelberg (2010)"},{"key":"26_CR14","doi-asserted-by":"crossref","unstructured":"Wurzinger, P., Platzer, C., Ludl, C., Kirda, E., Kruegel, C.: SWAP: Mitigating XSS Attacks using a Reverse Proxy. In: ICSE Workshop on Software Engineering for Secure Systems, SESS, pp. 33\u201339. IEEE Computer Society Press (2009)","DOI":"10.1109\/IWSESS.2009.5068456"},{"key":"26_CR15","doi-asserted-by":"crossref","unstructured":"Kirda, E., Kruegel, C., Vigna, G., Jovanovic, N.: Noxes: A client-side solution for mitigating cross-site scripting attacks. In: 21st ACM Symposium on Applied Computing, SAC 2006, pp. 330\u2013337 (2006)","DOI":"10.1145\/1141277.1141357"},{"key":"26_CR16","unstructured":"Erlingsson, U., Livshits, B., Xie, Y.: End to End Application Security. In: 11th USENIX Workshop on Hot Topics in Operating Systems, pp. 1\u20136 (2007)"},{"key":"26_CR17","unstructured":"Van Gundy, M., Chen, H.: Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart XSS Attacks. In: 16th Annual Network and Distributed System Security Symposium (2009)"},{"key":"26_CR18","series-title":"IFIP","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/0-387-25660-1_20","volume-title":"Security and Privacy in the Age of Ubiquitous Computing","author":"A. Nguyen-Tuong","year":"2005","unstructured":"Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically Hardening Web Applications Using Precise Tainting. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) Security and Privacy in the Age of Ubiquitous Computing. IFIP, vol.\u00a0181, pp. 295\u2013307. Springer, Boston (2005)"},{"key":"26_CR19","unstructured":"Fouzul Hidhaya, S., Geetha, A.: COMPVAL \u2013 A system to mitigate SQLIA. In: International Conference on Computer, Communication and Intelligence, ICCCI 2010, pp. 337\u2013342 (2010)"},{"key":"26_CR20","unstructured":"Burp suite, \n                    \n                      http:\/\/portswigger.net\/burp\/"}],"container-title":["Communications in Computer and Information Science","Recent Trends in Computer Networks and Distributed Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-34135-9_26.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T08:45:48Z","timestamp":1620117948000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-34135-9_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642341342","9783642341359"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-34135-9_26","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2012]]}}}