{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:14:03Z","timestamp":1763507643007},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2006,11,5]]},"DOI":"10.1145\/1181775.1181797","type":"proceedings-article","created":{"date-parts":[[2007,1,17]],"date-time":"2007-01-17T01:15:56Z","timestamp":1168996556000},"page":"175-185","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":126,"title":["Using positive tainting and syntax-aware evaluation to counter SQL injection attacks"],"prefix":"10.1145","author":[{"given":"William G. J.","family":"Halfond","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology"}]},{"given":"Alessandro","family":"Orso","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology"}]},{"given":"Panagiotis","family":"Manolios","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology"}]}],"member":"320","published-online":{"date-parts":[[2006,11,5]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Advanced SQL Injection In SQL Server Applications. White paper","author":"Anley C.","year":"2002","unstructured":"C. Anley . Advanced SQL Injection In SQL Server Applications. White paper , Next Generation Security Software Ltd ., 2002 . C. Anley. Advanced SQL Injection In SQL Server Applications. White paper, Next Generation Security Software Ltd., 2002."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24852-1_21"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108473.1108496"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062488"},{"key":"e_1_3_2_1_5_1","volume-title":"Top ten most critical web application vulnerabilities","author":"Foundation T. O.","year":"2005","unstructured":"T. O. Foundation . Top ten most critical web application vulnerabilities , 2005 . http:\/\/www.owasp.org\/documentation\/topten.html. T. O. Foundation. Top ten most critical web application vulnerabilities, 2005. http:\/\/www.owasp.org\/documentation\/topten.html."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999476"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/998675.999468"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.21"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"e_1_3_2_1_10_1","volume-title":"Proc. of the Intl. Symposium on Secure Software Engineering","author":"Halfond W. G.","year":"2006","unstructured":"W. G. Halfond , J. Viegas , and A. Orso . A Classification of SQL-Injection Attacks and Countermeasures . In Proc. of the Intl. Symposium on Secure Software Engineering , Mar. 2006 . W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proc. of the Intl. Symposium on Secure Software Engineering, Mar. 2006."},{"key":"e_1_3_2_1_11_1","volume-title":"Writing Secure Code","author":"Howard M.","year":"2003","unstructured":"M. Howard and D. LeBlanc . Writing Secure Code . Microsoft Press, Redmond , Washington, Second Edition, 2003 . M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, Redmond, Washington, Second Edition, 2003."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/775152.775174"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 14th Usenix Security Symposium","author":"Livshits V. B.","year":"2005","unstructured":"V. B. Livshits and M. S. Lam . Finding Security Vulnerabilities in Java Applications with Static Analysis . In Proceedings of the 14th Usenix Security Symposium , Aug. 2005 . V. B. Livshits and M. S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. In Proceedings of the 14th Usenix Security Symposium, Aug. 2005."},{"key":"e_1_3_2_1_16_1","volume-title":"Imperva","author":"Maor O.","year":"2004","unstructured":"O. Maor and A. Shulman . SQL Injection Signatures Evasion. White paper , Imperva , Apr. 2004 . http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signatures_evasion.html. O. Maor and A. Shulman. SQL Injection Signatures Evasion. White paper, Imperva, Apr. 2004. http:\/\/www.imperva.com\/application_defense_center\/white_papers\/sql_injection_signatures_evasion.html."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1094811.1094840"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062487"},{"key":"e_1_3_2_1_19_1","volume-title":"Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS 05)","author":"Newsome J.","year":"2005","unstructured":"J. Newsome and D. Song . Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software . In Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS 05) , Feb. 2005 . J. Newsome and D. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS 05), Feb. 2005."},{"key":"e_1_3_2_1_20_1","volume-title":"Automatically Hardening Web Applications Using Precise Tainting. In Twentieth IFIP Intl. Information Security Conference (SEC 2005)","author":"Nguyen-Tuong A.","year":"2005","unstructured":"A. Nguyen-Tuong , S. Guarnieri , D. Greene , J. Shirley , and D. Evans . Automatically Hardening Web Applications Using Precise Tainting. In Twentieth IFIP Intl. Information Security Conference (SEC 2005) , May 2005 . A. Nguyen-Tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically Hardening Web Applications Using Precise Tainting. In Twentieth IFIP Intl. Information Security Conference (SEC 2005), May 2005."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/511446.511498"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_8"},{"key":"e_1_3_2_1_26_1","first-page":"70","volume-title":"Proc. of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004","author":"Wassermann G.","year":"2004","unstructured":"G. Wassermann and Z. Su . An Analysis Framework for Security in Web Applications . In Proc. of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004 ), pages 70 -- 78 , Oct. 2004 . G. Wassermann and Z. Su. An Analysis Framework for Security in Web Applications. In Proc. of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS 2004), pages 70--78, Oct. 2004."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 15th USENIX Security Symposium","author":"Xie Y.","year":"2006","unstructured":"Y. Xie and A. Aiken . Static Detection of Security Vulnerabilities in Scripting Languages . In Proceedings of the 15th USENIX Security Symposium , July 2006 . Y. Xie and A. Aiken. Static Detection of Security Vulnerabilities in Scripting Languages. In Proceedings of the 15th USENIX Security Symposium, July 2006."}],"event":{"name":"SIGSOFT06\/FSE-14: SIGSOFT 2006 -14th International Symposium on the Foundations of Software Engineering","sponsor":["ACM Association for Computing Machinery","SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Portland Oregon USA","acronym":"SIGSOFT06\/FSE-14"},"container-title":["Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1181775.1181797","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,10]],"date-time":"2023-01-10T20:45:18Z","timestamp":1673383518000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1181775.1181797"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,11,5]]},"references-count":27,"alternative-id":["10.1145\/1181775.1181797","10.1145\/1181775"],"URL":"https:\/\/doi.org\/10.1145\/1181775.1181797","relation":{},"subject":[],"published":{"date-parts":[[2006,11,5]]},"assertion":[{"value":"2006-11-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}