{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:31:42Z","timestamp":1769747502856,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2005,9,5]],"date-time":"2005-09-05T00:00:00Z","timestamp":1125878400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2005,9,5]]},"DOI":"10.1145\/1108473.1108496","type":"proceedings-article","created":{"date-parts":[[2006,2,6]],"date-time":"2006-02-06T15:52:40Z","timestamp":1139241160000},"page":"106-113","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":187,"title":["Using parse tree validation to prevent SQL injection attacks"],"prefix":"10.1145","author":[{"given":"Gregory","family":"Buehrer","sequence":"first","affiliation":[{"name":"The Ohio State University, Columbus, OH"}]},{"given":"Bruce W.","family":"Weide","sequence":"additional","affiliation":[{"name":"The Ohio State University, Columbus, OH"}]},{"given":"Paolo A. G.","family":"Sivilotti","sequence":"additional","affiliation":[{"name":"The Ohio State University, Columbus, OH"}]}],"member":"320","published-online":{"date-parts":[[2005,9,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24852-1_21"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1018772405468"},{"key":"e_1_3_2_1_3_1","volume-title":"Advanced SQL injection in SQL server applications. In http:\/www.nextgenss.com\/papers\/advanced_sql_injection.pdf","author":"Anley C.","year":"2002","unstructured":"C. Anley . Advanced SQL injection in SQL server applications. In http:\/www.nextgenss.com\/papers\/advanced_sql_injection.pdf , 2002 . C. Anley. Advanced SQL injection in SQL server applications. In http:\/www.nextgenss.com\/papers\/advanced_sql_injection.pdf, 2002."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/1760267.1760269"},{"key":"e_1_3_2_1_5_1","first-page":"91","volume-title":"Proceedings of the 12th USENIX Security Symposium","author":"Cowan C.","year":"2003","unstructured":"C. Cowan , S. Beattie , J. Johansen , and P. Wagle , PointGuard: Protecting pointers from buffer overflow vulnerabilities . In Proceedings of the 12th USENIX Security Symposium , pages 91 -- 104 , August 2003 . C. Cowan, S. Beattie, J. Johansen, and P. Wagle, PointGuard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, pages 91--104, August 2003."},{"key":"e_1_3_2_1_6_1","first-page":"63","volume-title":"Proceedings of the 7th USENIX Security Symposium","author":"Cowan C.","year":"1998","unstructured":"C. Cowan , C. Pu , D. Maier , H. Hinton , J. Walpole , P. Bakke , S. Beattie , A. Grier , P. Wagle , and Q. Zhang . Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks . In Proceedings of the 7th USENIX Security Symposium , pages 63 -- 78 , January 1998 . C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, pages 63--78, January 1998."},{"key":"e_1_3_2_1_7_1","volume-title":"Zql: A java sql parser. In http:\/\/www.experlog.com\/gibello\/zql\/","author":"Gibello P.-Y.","year":"2002","unstructured":"P.-Y. Gibello . Zql: A java sql parser. In http:\/\/www.experlog.com\/gibello\/zql\/ , 2002 . P.-Y. Gibello. Zql: A java sql parser. In http:\/\/www.experlog.com\/gibello\/zql\/, 2002."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999476"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999468"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1083246.1083250"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775174"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"e_1_3_2_1_14_1","unstructured":"D. Litchfield. Web application disassembly with ODBC error messages. In http:\/\/www.nextgenss.com\/papers\/webappdis.doc.  D. Litchfield. Web application disassembly with ODBC error messages. In http:\/\/www.nextgenss.com\/papers\/webappdis.doc."},{"key":"e_1_3_2_1_15_1","volume-title":"Stop SQL injection attacks before they stop you. In http:\/\/msdn.microsoft.com\/msdnmag\/issues\/04\/09\/SQLInjection\/default.aspx","author":"Litwin P.","year":"2004","unstructured":"P. Litwin . Stop SQL injection attacks before they stop you. In http:\/\/msdn.microsoft.com\/msdnmag\/issues\/04\/09\/SQLInjection\/default.aspx , 2004 . P. Litwin. Stop SQL injection attacks before they stop you. In http:\/\/msdn.microsoft.com\/msdnmag\/issues\/04\/09\/SQLInjection\/default.aspx, 2004."},{"key":"e_1_3_2_1_16_1","volume-title":"SQL injection signatures evasion. In http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signature_evasion.html","author":"Maor O.","year":"2004","unstructured":"O. Maor and A. Shulman . SQL injection signatures evasion. In http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signature_evasion.html , 2004 . O. Maor and A. Shulman. SQL injection signatures evasion. In http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signature_evasion.html, 2004."},{"key":"e_1_3_2_1_17_1","volume-title":"Modes of attack, defense, and why it matters. In http:\/\/www.governmentsecurity.org\/articles\/SQLInjectionModesofAttackDefenseandWhyItMatters.php","author":"McDonald S.","year":"2005","unstructured":"S. McDonald . SQL injection : Modes of attack, defense, and why it matters. In http:\/\/www.governmentsecurity.org\/articles\/SQLInjectionModesofAttackDefenseandWhyItMatters.php , 2005 . S. McDonald. SQL injection: Modes of attack, defense, and why it matters. In http:\/\/www.governmentsecurity.org\/articles\/SQLInjectionModesofAttackDefenseandWhyItMatters.php, 2005."},{"key":"e_1_3_2_1_18_1","volume-title":"Web security flaw settlement: FTC charges that Petco web site left customer data exposed. In http:\/\/www.pcworld.com\/news\/article\/0,aid,118638,00.asp","author":"McMillan R.","year":"2004","unstructured":"R. McMillan . Web security flaw settlement: FTC charges that Petco web site left customer data exposed. In http:\/\/www.pcworld.com\/news\/article\/0,aid,118638,00.asp , 2004 . R. McMillan. Web security flaw settlement: FTC charges that Petco web site left customer data exposed. In http:\/\/www.pcworld.com\/news\/article\/0,aid,118638,00.asp, 2004."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-25660-1_20"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1022494.1022529"},{"key":"e_1_3_2_1_21_1","volume-title":"Challenges of automated web application scanning. In http:\/\/greatguards.com\/docs\/insightweb.htm","author":"Security W.","year":"2003","unstructured":"W. Security . Challenges of automated web application scanning. In http:\/\/greatguards.com\/docs\/insightweb.htm , 2003 . W. Security. Challenges of automated web application scanning. In http:\/\/greatguards.com\/docs\/insightweb.htm, 2003."},{"key":"e_1_3_2_1_22_1","volume-title":"SPI Labs White Paper","author":"Spett K.","year":"2004","unstructured":"K. Spett . SQL injection : Are your web applications vulnerable ? In SPI Labs White Paper , 2004 . K. Spett. SQL injection: Are your web applications vulnerable? In SPI Labs White Paper, 2004."},{"key":"e_1_3_2_1_23_1","first-page":"70","volume-title":"Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004","author":"Wasserman G.","year":"2004","unstructured":"G. Wasserman and Z. Su . An analysis framework for security in web applications . In Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004 ), pages 70 -- 78 , October 2004 . G. Wasserman and Z. Su. An analysis framework for security in web applications. In Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004), pages 70--78, October 2004."}],"event":{"name":"SEM05: Software Engineering and Middleware 2005","location":"Lisbon Portugal","acronym":"SEM05","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 5th international workshop on Software engineering and middleware"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1108473.1108496","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1108473.1108496","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:07:49Z","timestamp":1750262869000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1108473.1108496"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,9,5]]},"references-count":23,"alternative-id":["10.1145\/1108473.1108496","10.1145\/1108473"],"URL":"https:\/\/doi.org\/10.1145\/1108473.1108496","relation":{},"subject":[],"published":{"date-parts":[[2005,9,5]]},"assertion":[{"value":"2005-09-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}