{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T16:58:53Z","timestamp":1768409933403,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":28,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,8,25]],"date-time":"2016-08-25T00:00:00Z","timestamp":1472083200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National de la Recherche Luxembourg","award":["FNR4800382"],"award-info":[{"award-number":["FNR4800382"]}]},{"DOI":"10.13039\/501100001866","name":"Fonds National de la Recherche Luxembourg","doi-asserted-by":"publisher","award":["FNR\/P10\/03"],"award-info":[{"award-number":["FNR\/P10\/03"]}],"id":[{"id":"10.13039\/501100001866","id-type":"DOI","asserted-by":"publisher"}]},{"name":"FBK Mobility project"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,8,25]]},"DOI":"10.1145\/2970276.2970343","type":"proceedings-article","created":{"date-parts":[[2016,8,26]],"date-time":"2016-08-26T12:40:09Z","timestamp":1472215209000},"page":"167-177","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":25,"title":["SOFIA: an automated security oracle for black-box testing of SQL-injection vulnerabilities"],"prefix":"10.1145","author":[{"given":"Mariano","family":"Ceccato","sequence":"first","affiliation":[{"name":"Fondazione Bruno Kessler, Italy"}]},{"given":"Cu D.","family":"Nguyen","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Dennis","family":"Appelt","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Lionel C.","family":"Briand","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]}],"member":"320","published-online":{"date-parts":[[2016,8,25]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/2535015"},{"key":"e_1_3_2_1_2_1","first-page":"10","volume-title":"Verification and Validation (ICST), 2015 IEEE 8th International Conference on","author":"Appelt D.","year":"2015","unstructured":"D. Appelt , C. Nguyen , and L. Briand . Behind an application firewall, are we safe from sql injection attacks? In Software Testing , Verification and Validation (ICST), 2015 IEEE 8th International Conference on , pages 1\u2013 10 , April 2015 . D. Appelt, C. Nguyen, and L. Briand. Behind an application firewall, are we safe from sql injection attacks? In Software Testing, Verification and Validation (ICST), 2015 IEEE 8th International Conference on, pages 1\u201310, April 2015."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2610384.2610403"},{"key":"e_1_3_2_1_4_1","first-page":"43","volume-title":"Data and Knowledge","author":"Avancini A.","unstructured":"A. Avancini and M. Ceccato . Security oracle based on tree kernel methods. In Trustworthy Eternal Systems via Evolving Software , Data and Knowledge , pages 30\u2013 43 . Springer, 2013. A. Avancini and M. Ceccato. Security oracle based on tree kernel methods. In Trustworthy Eternal Systems via Evolving Software, Data and Knowledge, pages 30\u201343. Springer, 2013."},{"issue":"5","key":"e_1_3_2_1_5_1","first-page":"507","article-title":"The oracle problem in software testing: A survey. Software Engineering","volume":"41","author":"Barr E.","year":"2015","unstructured":"E. Barr , M. Harman , P. McMinn , M. Shahbaz , and S. Yoo . The oracle problem in software testing: A survey. Software Engineering , IEEE Transactions on , 41 ( 5 ): 507 \u2013 525 , May 2015 . E. Barr, M. Harman, P. McMinn, M. Shahbaz, and S. Yoo. The oracle problem in software testing: A survey. Software Engineering, IEEE Transactions on, 41(5):507\u2013525, May 2015.","journal-title":"IEEE Transactions on"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1698750.1698754"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108473.1108496"},{"key":"e_1_3_2_1_8_1","volume-title":"Vulnerability type distributions in cve. Technical report","author":"Christey S.","year":"2006","unstructured":"S. Christey and R. A. Martin . Vulnerability type distributions in cve. Technical report , The MITRE Corporation , 2006 . S. Christey and R. A. Martin. Vulnerability type distributions in cve. Technical report, The MITRE Corporation, 2006."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECOWS.2010.28"},{"key":"e_1_3_2_1_10_1","first-page":"15","volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering","volume":"1","author":"Halfond W.","unstructured":"W. Halfond , J. Viegas , and A. Orso . A classification of sql-injection attacks and countermeasures . In Proceedings of the IEEE International Symposium on Secure Software Engineering , volume 1 , pages 13\u2013 15 . IEEE, 2006. W. Halfond, J. Viegas, and A. Orso. A classification of sql-injection attacks and countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, volume 1, pages 13\u201315. IEEE, 2006."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"e_1_3_2_1_12_1","volume-title":"The sql injection threat study. Technical report","author":"P. Institute","year":"2014","unstructured":"P. Institute . The sql injection threat study. Technical report , Ponemon Institute , 2014 . P. Institute. The sql injection threat study. Technical report, Ponemon Institute, 2014."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2009.09.011"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1363686.1364201"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"e_1_3_2_1_16_1","volume-title":"A survey on sql injection: Vulnerabilities, attacks, and prevention techniques","author":"Kindy D. A.","year":"2011","unstructured":"D. A. Kindy and A.-S. K. Pathan . A survey on sql injection: Vulnerabilities, attacks, and prevention techniques . 2011 . D. A. Kindy and A.-S. K. Pathan. A survey on sql injection: Vulnerabilities, attacks, and prevention techniques. 2011."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1529282.1529737"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1394399"},{"key":"e_1_3_2_1_19_1","volume-title":"Enisa threat landscape. Technical report","author":"Marinos L.","year":"2012","unstructured":"L. Marinos and A. Sfakianakis . Enisa threat landscape. Technical report , European Network and Information Security Agency , 2012 . L. Marinos and A. Sfakianakis. Enisa threat landscape. Technical report, European Network and Information Security Agency, 2012."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336765"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2011.06.020"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10852-005-9022-1"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/0196-6774(90)90011-3"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111320.1111070"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568242"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_8"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCSim.2014.6903792"},{"key":"e_1_3_2_1_28_1","volume-title":"The Open Web Application Security Project","author":"Williams J.","year":"2013","unstructured":"J. Williams and D. Wichers . Owasp, top 10, the ten most critical web application security risks. Technical report , The Open Web Application Security Project , 2013 . J. Williams and D. Wichers. Owasp, top 10, the ten most critical web application security risks. Technical report, The Open Web Application Security Project, 2013."}],"event":{"name":"ASE'16: ACM\/IEEE International Conference on Automated Software Engineering","location":"Singapore Singapore","acronym":"ASE'16","sponsor":["SIGAI ACM Special Interest Group on Artificial Intelligence","SIGSOFT ACM Special Interest Group on Software Engineering","IEEE-CS Computer Society"]},"container-title":["Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2970276.2970343","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2970276.2970343","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:50:01Z","timestamp":1750218601000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2970276.2970343"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,8,25]]},"references-count":28,"alternative-id":["10.1145\/2970276.2970343","10.1145\/2970276"],"URL":"https:\/\/doi.org\/10.1145\/2970276.2970343","relation":{},"subject":[],"published":{"date-parts":[[2016,8,25]]},"assertion":[{"value":"2016-08-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}