{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T08:18:20Z","timestamp":1761293900711,"version":"3.37.3"},"reference-count":49,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"EC","award":["FP7-607109"],"award-info":[{"award-number":["FP7-607109"]}]},{"name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","award":["AAC-2\/SAICT\/2017-029058 Grant UID\/CEC\/00408\/2019 UID\/CEC\/50021\/2019"],"award-info":[{"award-number":["AAC-2\/SAICT\/2017-029058 Grant UID\/CEC\/00408\/2019 UID\/CEC\/50021\/2019"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Rel."],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1109\/tr.2019.2900007","type":"journal-article","created":{"date-parts":[[2019,3,21]],"date-time":"2019-03-21T19:40:52Z","timestamp":1553197252000},"page":"1168-1188","source":"Crossref","is-referenced-by-count":20,"title":["SEPTIC: Detecting Injection Attacks and Vulnerabilities Inside the DBMS"],"prefix":"10.1109","volume":"68","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4478-8680","authenticated-orcid":false,"given":"Iberia","family":"Medeiros","sequence":"first","affiliation":[]},{"given":"Miguel","family":"Beatriz","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0411-4542","authenticated-orcid":false,"given":"Nuno","family":"Neves","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7873-5531","authenticated-orcid":false,"given":"Miguel","family":"Correia","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"journal-title":"eclipse AspectJ","year":"2014","key":"ref39"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3986"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"year":"2016","key":"ref32","article-title":"Naked security by SOPHOS: The web attacks that refuse to die"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2839339"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931041"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-13257-0_26"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2103656.2103678"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.06.020"},{"journal-title":"PostgreSQL","year":"0","key":"ref34"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1199"},{"journal-title":"MariaDB","year":"0","key":"ref27"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2457411"},{"volume":"3","article-title":"Q1 2016 state of the Internet\/security report","year":"2016","key":"ref2"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/978-81-322-2650-5_4"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1364201"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"journal-title":"Debian Hardening","year":"2013","author":"koschany","key":"ref21"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2010.24"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1529282.1529737"},{"key":"ref26","article-title":"OWASP Top 10: The ten most critical web application security risks – RC2","author":"gigler","year":"2017","journal-title":"OWASP Foundation"},{"journal-title":"OSVDB","year":"2014","key":"ref25"},{"journal-title":"Common Vulnerabilities and Exposures","year":"2014","key":"ref10"},{"journal-title":"SolidIT DB-Engines Ranking","year":"2015","key":"ref11"},{"journal-title":"Spring","year":"2014","key":"ref40"},{"key":"ref12","article-title":"SQL smuggling or, the attack that wasn’t there","author":"douglen","year":"2007","journal-title":"COMSEC Consulting Inf Secur"},{"journal-title":"The Art of Software Security Assessment","year":"2006","author":"dowd","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.37"},{"journal-title":"Gambas","year":"2015","key":"ref15"},{"key":"ref16","first-page":"45","article-title":"pSigene: Webcrawling to generalize SQL injection signatures","author":"modelo-howard","year":"0","journal-title":"Proc IEEE\/IFIP Int Conf Dependable Syst Netw"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"journal-title":"Writing Secure Code For Windows Vista","year":"2007","author":"howard","key":"ref18"},{"journal-title":"JSOUP","year":"2014","key":"ref19"},{"journal-title":"Expert MySQL","year":"2007","author":"bell","key":"ref4"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315249"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1108473.1108496"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24852-1_21"},{"key":"ref8","first-page":"37","article-title":"BenchLab: An open testbed for realistic benchmarking of web applications","author":"cecchet","year":"0","journal-title":"Proc 2nd USENIX Conf Web Appl Develop"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970343"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70748"},{"journal-title":"SQL Injection Attacks and Defense","year":"2009","author":"clarke","key":"ref9"},{"article-title":"Practical dynamic taint analysis for countering input validation attacks on web applications","year":"2005","author":"xu","key":"ref46"},{"key":"ref45","first-page":"123","article-title":"A learning-based approach to the detection of SQL attacks","author":"valeur","year":"0","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"journal-title":"Usage of server-side programming languages for websites W3Techs","year":"2017","key":"ref48"},{"journal-title":"Wapiti","year":"2016","key":"ref47"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516696"},{"journal-title":"SQLmap","year":"2014","key":"ref41"},{"journal-title":"Trustwave SpiderLabs ModSecurity—Open Source Web Application Firewall","year":"2004","key":"ref44"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/8821425\/08672505.pdf?arnumber=8672505","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,13]],"date-time":"2022-07-13T20:53:30Z","timestamp":1657745610000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8672505\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9]]},"references-count":49,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tr.2019.2900007","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"type":"print","value":"0018-9529"},{"type":"electronic","value":"1558-1721"}],"subject":[],"published":{"date-parts":[[2019,9]]}}}