{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T18:15:02Z","timestamp":1775067302376,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":26,"publisher":"ACM","license":[{"start":{"date-parts":[[2005,11,7]],"date-time":"2005-11-07T00:00:00Z","timestamp":1131321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2005,11,7]]},"DOI":"10.1145\/1101908.1101935","type":"proceedings-article","created":{"date-parts":[[2006,2,6]],"date-time":"2006-02-06T15:52:40Z","timestamp":1139241160000},"page":"174-183","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":322,"title":["AMNESIA"],"prefix":"10.1145","author":[{"given":"William G. J.","family":"Halfond","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA"}]},{"given":"Alessandro","family":"Orso","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA"}]}],"member":"320","published-online":{"date-parts":[[2005,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"White Paper","author":"Server Applications C. Anley Advanced SQL","year":"2002","unstructured":"C. Anley Advanced SQL Injection In SQL Server Applications . Next Generation Security Software Ltd . White Paper , 2002 . C. Anley Advanced SQL Injection In SQL Server Applications. Next Generation Security Software Ltd. White Paper, 2002."},{"key":"e_1_3_2_1_2_1","unstructured":"D. Aucsmith. Creating and maintaining software that resists malicious attack. http:\/\/www.gtisc.gatech.edu\/aucsmith_bio.htm Distinguished Lecture Series. Atlanta GA. September 2004.  D. Aucsmith. Creating and maintaining software that resists malicious attack. http:\/\/www.gtisc.gatech.edu\/aucsmith_bio.htm Distinguished Lecture Series. Atlanta GA. September 2004."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24852-1_21"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1022494.1022533"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1760267.1760269"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062488"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999476"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999468"},{"key":"e_1_3_2_1_9_1","volume-title":"Java Architecture for Bytecode Analysis (JABA)","author":"A. R. Group","year":"2004","unstructured":"A. R. Group . Java Architecture for Bytecode Analysis (JABA) , 2004 . http:\/\/www.cc.gatech.edu\/aristotle\/Tools\/jaba.html. A. R. Group. Java Architecture for Bytecode Analysis (JABA), 2004. http:\/\/www.cc.gatech.edu\/aristotle\/Tools\/jaba.html."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1083246.1083250"},{"key":"e_1_3_2_1_11_1","volume-title":"Writing Secure Code","author":"Howard M.","year":"2003","unstructured":"M. Howard and D. LeBlanc . Writing Secure Code . Microsoft Press , Redmond, Washington , 2 nd edition, 2003 . M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, Redmond, Washington, 2nd edition, 2003.","edition":"2"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775174"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"e_1_3_2_1_15_1","volume-title":"Finding Security Vulnerabilities in Java Applications with Static Analysis In Usenix Security Symposium","author":"Livshits V. B.","year":"2005","unstructured":"V. B. Livshits and M. S. Lam . Finding Security Vulnerabilities in Java Applications with Static Analysis In Usenix Security Symposium , Aug. 2005 . V. B. Livshits and M. S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis In Usenix Security Symposium, Aug. 2005."},{"key":"e_1_3_2_1_16_1","unstructured":"O. Maor and A. Shulman. SQL Injection Signatures Evasion. http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signatures_evasion.html April 2004. White paper.  O. Maor and A. Shulman. SQL Injection Signatures Evasion. http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signatures_evasion.html April 2004. White paper."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094840"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062487"},{"key":"e_1_3_2_1_19_1","unstructured":"S. McDonald. SQL Injection: Modes of attack defense and why it matters. http:\/\/www.governmentsecurity.org\/articles\/SQLInjectionModesofAttackDefenceandWhyItMatters.php April 2004. White paper.  S. McDonald. SQL Injection: Modes of attack defense and why it matters. http:\/\/www.governmentsecurity.org\/articles\/SQLInjectionModesofAttackDefenceandWhyItMatters.php April 2004. White paper."},{"key":"e_1_3_2_1_20_1","volume-title":"David Evans. Automatically Hardening Web Applications Using Precise Tainting Information In Twentieth IFIP International Information Security Conference (SEC 2005)","author":"Nguyen-Tuong Anh","year":"2005","unstructured":"Anh Nguyen-Tuong , Salvatore Guarnieri , Doug Greene , Jeff Shirley , David Evans. Automatically Hardening Web Applications Using Precise Tainting Information In Twentieth IFIP International Information Security Conference (SEC 2005) , May 2005 . Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans. Automatically Hardening Web Applications Using Precise Tainting Information In Twentieth IFIP International Information Security Conference (SEC 2005), May 2005."},{"key":"e_1_3_2_1_21_1","unstructured":"OWASPD -- Open Web Application Security Project. Top ten most critical web application vulnerabilities. http:\/\/www.owasp.org\/documentation\/topten.html 2005.  OWASPD -- Open Web Application Security Project. Top ten most critical web application vulnerabilities. http:\/\/www.owasp.org\/documentation\/topten.html 2005."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/511446.511498"},{"key":"e_1_3_2_1_24_1","unstructured":"SecuriTeam. SQL Injection Walkthrough. http:\/\/www.securiteam.com\/securityreviews\/5DP0N1P76E.html May 2002. White paper.  SecuriTeam. SQL Injection Walkthrough. http:\/\/www.securiteam.com\/securityreviews\/5DP0N1P76E.html May 2002. White paper."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_8"},{"key":"e_1_3_2_1_26_1","first-page":"70","volume-title":"Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004","author":"Wassermann G.","year":"2004","unstructured":"G. Wassermann and Z. Su . An Analysis Framework for Security in Web Applications . In Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004 ), pages 70 -- 78 , 2004 . G. Wassermann and Z. Su. An Analysis Framework for Security in Web Applications. In Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004), pages 70--78, 2004."}],"event":{"name":"ASE05: International Conference on Automated Software Engineering 2005","location":"Long Beach CA USA","acronym":"ASE05","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","ACM Association for Computing Machinery","SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 20th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1101908.1101935","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1101908.1101935","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:08:02Z","timestamp":1750262882000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1101908.1101935"}},"subtitle":["analysis and monitoring for NEutralizing SQL-injection attacks"],"short-title":[],"issued":{"date-parts":[[2005,11,7]]},"references-count":26,"alternative-id":["10.1145\/1101908.1101935","10.1145\/1101908"],"URL":"https:\/\/doi.org\/10.1145\/1101908.1101935","relation":{},"subject":[],"published":{"date-parts":[[2005,11,7]]},"assertion":[{"value":"2005-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}