{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T20:46:02Z","timestamp":1762375562708,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,2,7]],"date-time":"2012-02-07T00:00:00Z","timestamp":1328572800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,2,7]]},"DOI":"10.1145\/2133601.2133605","type":"proceedings-article","created":{"date-parts":[[2012,2,7]],"date-time":"2012-02-07T15:39:28Z","timestamp":1328629168000},"page":"25-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["SENTINEL"],"prefix":"10.1145","author":[{"given":"Xiaowei","family":"Li","sequence":"first","affiliation":[{"name":"Vanderbilt University, Nashville, TN, USA"}]},{"given":"Wei","family":"Yan","sequence":"additional","affiliation":[{"name":"Vanderbilt University, Nashville, TN, USA"}]},{"given":"Yuan","family":"Xue","sequence":"additional","affiliation":[{"name":"Vanderbilt University, Nashville, TN, USA"}]}],"member":"320","published-online":{"date-parts":[[2012,2,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"AT&T website breach. http:\/\/www.acunetix.com\/blog\/web-security-zone\/articles\/analysis-php-attack-apple-information-disclosure\/.  AT&T website breach. http:\/\/www.acunetix.com\/blog\/web-security-zone\/articles\/analysis-php-attack-apple-information-disclosure\/."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315250"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315249"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866375"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046774"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943524"},{"key":"e_1_3_2_1_7_1","first-page":"159","volume-title":"Proceedings of the Integrity and Internal Control in Information System","author":"Chung C. Y.","year":"1999","unstructured":"C. Y. Chung , M. Gertz , and K. Levitt . DEMIDS: A Misuse Detection System for Database Systems . In Proceedings of the Integrity and Internal Control in Information System , pages 159 -- 178 , 1999 . C. Y. Chung, M. Gertz, and K. Levitt. DEMIDS: A Misuse Detection System for Database Systems. In Proceedings of the Integrity and Internal Control in Information System, pages 159--178, 1999."},{"key":"e_1_3_2_1_8_1","unstructured":"Confused Deputy Problem. http:\/\/en.wikipedia.org\/wiki\/confused\\_deputy\\_problem.  Confused Deputy Problem. http:\/\/en.wikipedia.org\/wiki\/confused\\_deputy\\_problem."},{"key":"e_1_3_2_1_9_1","unstructured":"Connection Pooling. http:\/\/en.wikipedia.org\/wiki\/connection\\_pool.  Connection Pooling. http:\/\/en.wikipedia.org\/wiki\/connection\\_pool."},{"key":"e_1_3_2_1_10_1","first-page":"63","volume-title":"Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications. In RAID'07: Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection","author":"Cova M.","year":"2007","unstructured":"M. Cova , D. Balzarotti , V. Felmetsger , and G. Vigna . Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications. In RAID'07: Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection , pages 63 -- 86 , 2007 . M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna. Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications. In RAID'07: Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection, pages 63--86, 2007."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/1884848.1884858"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.908957"},{"key":"e_1_3_2_1_13_1","unstructured":"Extended Finite State Machine. http:\/\/en.wikipedia.org\/wiki\/extended\\_finite-state\\_machine.  Extended Finite State Machine. http:\/\/en.wikipedia.org\/wiki\/extended\\_finite-state\\_machine."},{"key":"e_1_3_2_1_14_1","first-page":"143","volume-title":"Toward Automated Detection of Logic Vulnerabilities in Web Applications. In USENIX'10: Proceedings of the 19th conference on USENIX Security Symposium","author":"Felmetsger V.","year":"2010","unstructured":"V. Felmetsger , L. Cavedon , C. Kruegel , and G. Vigna . Toward Automated Detection of Logic Vulnerabilities in Web Applications. In USENIX'10: Proceedings of the 19th conference on USENIX Security Symposium , pages 143 -- 160 , 2010 . V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna. Toward Automated Detection of Logic Vulnerabilities in Web Applications. In USENIX'10: Proceedings of the 19th conference on USENIX Security Symposium, pages 143--160, 2010."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966971"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-007-0051-4"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/646649.699488"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076767"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368157"},{"key":"e_1_3_2_1_21_1","unstructured":"OpenInvoice 0.9 beta. http:\/\/sourceforge.net\/projects\/openinv\/.  OpenInvoice 0.9 beta. http:\/\/sourceforge.net\/projects\/openinv\/."},{"key":"e_1_3_2_1_22_1","unstructured":"OpenIT. http:\/\/sourceforge.net\/projects\/openit\/.  OpenIT. http:\/\/sourceforge.net\/projects\/openit\/."},{"key":"e_1_3_2_1_23_1","unstructured":"Prepared Statement. http:\/\/php.net\/manual\/en\/pdo.prepared-statements.php.  Prepared Statement. http:\/\/php.net\/manual\/en\/pdo.prepared-statements.php."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266846"},{"key":"e_1_3_2_1_25_1","first-page":"313","volume-title":"Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security","author":"Roichman A.","year":"2008","unstructured":"A. Roichman and E. Gudes . DIWeDa - Detecting Intrusions in Web Databases . In Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security , pages 313 -- 329 , 2008 . 10.1007\/978-3-540-70567-3_24 A. Roichman and E. Gudes. DIWeDa - Detecting Intrusions in Web Databases. In Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security, pages 313--329, 2008. 10.1007\/978-3-540-70567-3_24"},{"key":"e_1_3_2_1_26_1","unstructured":"SeleniumHQ: Web Application Testing System. http:\/\/seleniumhq.org\/.  SeleniumHQ: Web Application Testing System. http:\/\/seleniumhq.org\/."},{"key":"e_1_3_2_1_27_1","first-page":"11","volume-title":"Static Detection of Access Control Vulnerabilities in Web Applications. In USENIX'11: Proceedings of the 20th USENIX Security Symposium","author":"Sun F.","year":"2011","unstructured":"F. Sun , L. Xu , and Z. Su . Static Detection of Access Control Vulnerabilities in Web Applications. In USENIX'11: Proceedings of the 20th USENIX Security Symposium , pages 11 -- 11 , 2011 . F. Sun, L. Xu, and Z. Su. Static Detection of Access Control Vulnerabilities in Web Applications. In USENIX'11: Proceedings of the 20th USENIX Security Symposium, pages 11--11, 2011."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_8"},{"key":"e_1_3_2_1_29_1","unstructured":"Wackopicko. https:\/\/github.com\/adamdoupe\/wackopicko.  Wackopicko. https:\/\/github.com\/adamdoupe\/wackopicko."},{"key":"e_1_3_2_1_30_1","unstructured":"Web Application Security Statistics. http:\/\/projects.webappsec.org\/w\/page\/13246989\/web\\\\applicationsecuritystatistics.  Web Application Security Statistics. http:\/\/projects.webappsec.org\/w\/page\/13246989\/web\\\\applicationsecuritystatistics."}],"event":{"name":"CODASPY'12: Second ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"San Antonio Texas USA","acronym":"CODASPY'12"},"container-title":["Proceedings of the second ACM conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2133601.2133605","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2133601.2133605","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:05:52Z","timestamp":1750241152000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2133601.2133605"}},"subtitle":["securing database from logic flaws in web applications"],"short-title":[],"issued":{"date-parts":[[2012,2,7]]},"references-count":30,"alternative-id":["10.1145\/2133601.2133605","10.1145\/2133601"],"URL":"https:\/\/doi.org\/10.1145\/2133601.2133605","relation":{},"subject":[],"published":{"date-parts":[[2012,2,7]]},"assertion":[{"value":"2012-02-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}