{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,20]],"date-time":"2026-01-20T08:56:37Z","timestamp":1768899397990,"version":"3.49.0"},"reference-count":59,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"7","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62376240"],"award-info":[{"award-number":["62376240"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"S&T Program of Hebei","award":["226Z0701G"],"award-info":[{"award-number":["226Z0701G"]}]},{"name":"S&T Program of Hebei","award":["236Z0702G"],"award-info":[{"award-number":["236Z0702G"]}]},{"name":"S&T Program of Hebei","award":["236Z0304G"],"award-info":[{"award-number":["236Z0304G"]}]},{"DOI":"10.13039\/501100003787","name":"Natural Science Foundation of Hebei Province","doi-asserted-by":"publisher","award":["F2022203026"],"award-info":[{"award-number":["F2022203026"]}],"id":[{"id":"10.13039\/501100003787","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Science and Technology Project of Hebei Education Department","award":["BJK2022029"],"award-info":[{"award-number":["BJK2022029"]}]},{"name":"Innovation Capability Improvement Plan Project of 
Hebei Province","award":["22567637H"],"award-info":[{"award-number":["22567637H"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Software Eng."],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1109\/tse.2024.3400404","type":"journal-article","created":{"date-parts":[[2024,5,14]],"date-time":"2024-05-14T17:30:38Z","timestamp":1715707838000},"page":"1807-1826","source":"Crossref","is-referenced-by-count":6,"title":["SQLPsdem: A Proxy-Based Mechanism Towards Detecting, Locating and Preventing Second-Order SQL Injections"],"prefix":"10.1109","volume":"50","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9867-8439","authenticated-orcid":false,"given":"Bing","family":"Zhang","sequence":"first","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"}]},{"given":"Rong","family":"Ren","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"}]},{"given":"Jia","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"}]},{"given":"Mingcai","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. 
China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2245-9133","authenticated-orcid":false,"given":"Jiadong","family":"Ren","sequence":"additional","affiliation":[{"name":"School of Information Science and Engineering, Yanshan University, and the Key Laboratory for Software Engineering of Hebei Province, Qinhuangdao, Hebei, P. R. China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7958-391X","authenticated-orcid":false,"given":"Jingyue","family":"Li","sequence":"additional","affiliation":[{"name":"Department of Computer science, Norwegian University of Science and Technology, Trondheim, Norway"}]}],"member":"263","reference":[{"key":"ref1","article-title":"Common weakness enumeration"},{"key":"ref2","article-title":"OWASP top 10"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3474553"},{"key":"ref4","article-title":"Second-order code injection attacks","author":"Ollmann","year":"2004","journal-title":"NGS Insight Secur. Res."},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.04.007"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/MySEC.2015.7475225"},{"key":"ref8","first-page":"167","article-title":"SOFIA: An automated security oracle for black-box testing of SQL-injection vulnerabilities","volume-title":"Proc. 31st IEEE\/ACM Int. Conf. Automated Softw. Eng. (ASE)","author":"Ceccato","year":"2016"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-160554"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2017.64"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2910285"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04915-1_11"},{"issue":"4","key":"ref13","first-page":"600","article-title":"Vulnerability detection using second-order SQL injection combining dynamic and static analysis","volume":"39","author":"Li","year":"2018","journal-title":"J. Huaqiao Univ. 
(Natural Sci.)"},{"issue":"20","key":"ref14","first-page":"8426","article-title":"Security testing of web applications for detecting and exploiting second-order SQL injection vulnerabilities","volume":"13","author":"Draib","year":"2018","journal-title":"J. Eng. Appl. Sci."},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2881070"},{"issue":"11","key":"ref16","first-page":"70","article-title":"Second-order SQL injection attack defense model","volume":"15","author":"Tian","year":"2014","journal-title":"Netinfo Secur."},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ITNEC.2017.8285104"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2900007"},{"key":"ref19","first-page":"989","article-title":"Static detection of second-order vulnerabilities in web applications","volume-title":"Proc. 23rd USENIX Secur. Symp. (USENIX Secur. 14)","author":"Dahse","year":"2014"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1587\/transfun.2022EAP1045"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1529282.1529737"},{"key":"ref22","first-page":"13","article-title":"A classification of SQL-injection attacks and countermeasures","volume-title":"Proc. IEEE Int. Symp. Secure Softw. 
Eng.","volume":"1","author":"Halfond","year":"2006"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70748"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/b978-1-59749-424-3.x0001-1"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2011.01.050"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICoIA.2013.6650259"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-23276-8_14"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-81-322-2674-1_18"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2103621.2103678"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-13257-0_26"},{"key":"ref31","article-title":"MySQL statement syntax"},{"key":"ref32","article-title":"PHP-parser"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.17487\/RFC1321"},{"key":"ref34","article-title":"Automatic penetration test tool"},{"key":"ref35","article-title":"CVE"},{"key":"ref36","article-title":"DVWA"},{"key":"ref37","article-title":"Pikachu, bWAPP, sqlilabs"},{"key":"ref38","article-title":"Schoolmate"},{"key":"ref39","article-title":"Faqforge"},{"key":"ref40","article-title":"Wackopicko"},{"key":"ref41","article-title":"Webchess"},{"key":"ref42","article-title":"COVID-19 testing management system using PHP and MySQL"},{"key":"ref43","article-title":"Doctormms"},{"key":"ref44","article-title":"Pet shop"},{"key":"ref45","first-page":"1","article-title":"RIPS-a static source code analyser for vulnerabilities in PHP scripts","volume-title":"Proc. Seminar Work (Seminer Calismasi), Horst G\u00f6rtz Inst. Ruhr-Univ. 
Bochum","author":"Dahse","year":"2010"},{"key":"ref46","article-title":"PHP vulhunter"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"ref48","article-title":"Acunetix web vulnerability scanner"},{"key":"ref49","article-title":"2,300+ companies of all sizes automate application security testing with Acunetix"},{"key":"ref50","volume-title":"Software Testing Guide: Fundamentals, Tools and Practice","author":"Chen","year":"2011"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1181775.1181797"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25660-1_20"},{"key":"ref53","first-page":"9","article-title":"Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks","volume-title":"Proc. 15th Conf. USENIX Secur. Symp.","volume":"15","author":"Xu","year":"2006"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/1111320.1111070"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315249"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516696"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2844343"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1364201"}],"container-title":["IEEE Transactions on Software 
Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/10601498\/10530516.pdf?arnumber=10530516","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,19]],"date-time":"2024-07-19T14:01:29Z","timestamp":1721397689000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10530516\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":59,"journal-issue":{"issue":"7"},"URL":"https:\/\/doi.org\/10.1109\/tse.2024.3400404","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7]]}}}