{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:15:51Z","timestamp":1750306551958,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,3,9]],"date-time":"2016-03-09T00:00:00Z","timestamp":1457481600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","award":["FP7-607109 (SEGRID)"],"award-info":[{"award-number":["FP7-607109 (SEGRID)"]}],"id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["UID\/CEC\/50021\/2013 (INESC-ID),UID\/CEC\/00408\/2013 (LaSIGE)"],"award-info":[{"award-number":["UID\/CEC\/50021\/2013 (INESC-ID),UID\/CEC\/00408\/2013 (LaSIGE)"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,3,9]]},"DOI":"10.1145\/2857705.2857723","type":"proceedings-article","created":{"date-parts":[[2020,12,22]],"date-time":"2020-12-22T01:12:06Z","timestamp":1608599526000},"page":"295-306","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Hacking the DBMS to Prevent Injection Attacks"],"prefix":"10.1145","author":[{"given":"Ib\u00e9ria","family":"Medeiros","sequence":"first","affiliation":[{"name":"INESC-ID, Faculdade de Ci\u00eancias da Universidade de Lisboa, Lisboa, Portugal"}]},{"given":"Miguel","family":"Beatriz","sequence":"additional","affiliation":[{"name":"INESC-ID, Instituto Superior T\u00e9cnico da Universidade de Lisboa, Lisboa, Portugal"}]},{"given":"Nuno","family":"Neves","sequence":"additional","affiliation":[{"name":"LaSIGE, Faculdade de Ci\u00eancias da Universidade de Lisboa, Lisboa, Portugal"}]},{"given":"Miguel","family":"Correia","sequence":"additional","affiliation":[{"name":"INESC-ID, Instituto Superior T\u00e9cnico da Universidade de Lisboa, Lisboa, Portugal"}]}],"member":"320","published-online":{"date-parts":[[2016,3,9]]},"reference":[{"unstructured":"Spring framework 2014. http:\/\/spring.io\/.  Spring framework 2014. http:\/\/spring.io\/.","key":"e_1_3_2_1_1_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1007\/978-81-322-2650-5_4"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.1145\/1315245.1315249"},{"key":"e_1_3_2_1_4_1","volume-title":"Oct.","author":"Technology BBC","year":"2014","unstructured":"BBC Technology . Millions of websites hit by Drupal hack attack , Oct. 2014 . http:\/\/www.bbc.com\/news\/technology-29846539. BBC Technology. Millions of websites hit by Drupal hack attack, Oct. 2014. http:\/\/www.bbc.com\/news\/technology-29846539."},{"key":"e_1_3_2_1_5_1","volume-title":"Uniform resource identifier (URI): Generic syntax. IETF Request for Comments: RFC","author":"Berners-Lee T.","year":"2005","unstructured":"T. Berners-Lee , R. Fielding , and L. Masinter . Uniform resource identifier (URI): Generic syntax. IETF Request for Comments: RFC 3986, Jan. 2005 . T. Berners-Lee, R. Fielding, and L. Masinter. Uniform resource identifier (URI): Generic syntax. IETF Request for Comments: RFC 3986, Jan. 2005."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1007\/978-3-540-24852-1_21"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_7_1","DOI":"10.1145\/1108473.1108496"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 2nd USENIX Conference on Web Application Development","author":"Cecchet E.","year":"2011","unstructured":"E. Cecchet , V. Udayabhanu , T. Wood , and P. Shenoy . Benchlab: An open testbed for realistic benchmarking of web applications . In Proceedings of the 2nd USENIX Conference on Web Application Development , 2011 . E. Cecchet, V. Udayabhanu, T. Wood, and P. Shenoy. Benchlab: An open testbed for realistic benchmarking of web applications. In Proceedings of the 2nd USENIX Conference on Web Application Development, 2011."},{"key":"e_1_3_2_1_9_1","volume-title":"Syngress","author":"Clarke J.","year":"2009","unstructured":"J. Clarke . SQL Injection Attacks and Defense . Syngress , 2009 . J. Clarke. SQL Injection Attacks and Defense. Syngress, 2009."},{"unstructured":"CVE. http:\/\/cve.mitre.org.  CVE. http:\/\/cve.mitre.org.","key":"e_1_3_2_1_10_1"},{"key":"e_1_3_2_1_11_1","volume-title":"COMSEC Consulting","author":"Douglen A.","year":"2007","unstructured":"A. Douglen . SQL smuggling or, the attack that wasn't there. Technical report , COMSEC Consulting , Information Security , 2007 . A. Douglen. SQL smuggling or, the attack that wasn't there. Technical report, COMSEC Consulting, Information Security, 2007."},{"key":"e_1_3_2_1_12_1","volume-title":"Pearson Professional Education","author":"Dowd M.","year":"2006","unstructured":"M. Dowd , J. Mcdonald , and J. Schuh . Art of Software Security Assessment . Pearson Professional Education , 2006 . M. Dowd, J. Mcdonald, and J. Schuh. Art of Software Security Assessment. Pearson Professional Education, 2006."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1145\/1101908.1101935"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1109\/TSE.2007.70748"},{"key":"e_1_3_2_1_15_1","volume-title":"Writing Secure Code for Windows Vista","author":"Howard M.","year":"2007","unstructured":"M. Howard and D. LeBlanc . Writing Secure Code for Windows Vista . Microsoft Press , 1 st edition, 2007 . M. Howard and D. LeBlanc. Writing Secure Code for Windows Vista. Microsoft Press, 1st edition, 2007.","edition":"1"},{"key":"e_1_3_2_1_16_1","volume-title":"Incident response\/vulnerability coordination","author":"CERT.","year":"2014","unstructured":"ICS- CERT. Incident response\/vulnerability coordination in 2014 . ICS-CERT Monitor , Set .-Feb. 2015. ICS-CERT. Incident response\/vulnerability coordination in 2014. ICS-CERT Monitor, Set.-Feb. 2015."},{"volume-title":"Hacker intelligence initiative, monthly trend report#8","year":"2012","unstructured":"Imperva. Hacker intelligence initiative, monthly trend report#8 . Apr. 2012 . Imperva. Hacker intelligence initiative, monthly trend report#8. Apr. 2012.","key":"e_1_3_2_1_17_1"},{"unstructured":"JSoup. http:\/\/jsoup.org.  JSoup. http:\/\/jsoup.org.","key":"e_1_3_2_1_18_1"},{"key":"e_1_3_2_1_19_1","volume-title":"Debian hardening","author":"Koschany M.","year":"2013","unstructured":"M. Koschany . Debian hardening , 2013 . https:\/\/wiki.debian.org\/ Hardening . M. Koschany. Debian hardening, 2013. https:\/\/wiki.debian.org\/ Hardening."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1002\/sec.1199"},{"unstructured":"Measureit. https:\/\/code.google.com\/p\/measureit\/.  Measureit. https:\/\/code.google.com\/p\/measureit\/.","key":"e_1_3_2_1_21_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_22_1","DOI":"10.1145\/2566486.2568024"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_23_1","DOI":"10.1109\/DSN.2014.21"},{"unstructured":"OSVDB. http:\/\/osvdb.org.  OSVDB. http:\/\/osvdb.org.","key":"e_1_3_2_1_24_1"},{"unstructured":"PHP Address Book. http:\/\/php-addressbook.sourceforge.net.  PHP Address Book. http:\/\/php-addressbook.sourceforge.net.","key":"e_1_3_2_1_25_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1007\/11663812_7"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1145\/2103656.2103678"},{"unstructured":"refbase. http:\/\/http:\/\/www.refbase.net.  refbase. http:\/\/http:\/\/www.refbase.net.","key":"e_1_3_2_1_28_1"},{"key":"e_1_3_2_1_29_1","volume-title":"Apr.","author":"TechTarget Search Security","year":"2015","unstructured":"Search Security TechTarget . Wordpress vulnerable to stored XSS , Apr. 2015 . http:\/\/searchsecurity.techtarget.com\/news\/4500245137\/ WordPress-vulnerable-to-stored-XSS-researchers-find . Search Security TechTarget. Wordpress vulnerable to stored XSS, Apr. 2015. http:\/\/searchsecurity.techtarget.com\/news\/4500245137\/ WordPress-vulnerable-to-stored-XSS-researchers-find."},{"key":"e_1_3_2_1_30_1","volume-title":"http:\/\/db-engines.com\/en\/ranking, accessed Aug. 10th","author":"Engines Ranking IT.","year":"2015","unstructured":"Solid IT. DB- Engines Ranking . http:\/\/db-engines.com\/en\/ranking, accessed Aug. 10th , 2015 . SolidIT. DB-Engines Ranking. http:\/\/db-engines.com\/en\/ranking, accessed Aug. 10th, 2015."},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_31_1","DOI":"10.1145\/2508859.2516696"},{"unstructured":"Spring. http:\/\/docs.spring.io\/spring\/docs\/2.5.4\/reference\/aop.html.  Spring. http:\/\/docs.spring.io\/spring\/docs\/2.5.4\/reference\/aop.html.","key":"e_1_3_2_1_32_1"},{"unstructured":"sqlmap. https:\/\/github.com\/sqlmapproject\/testenv\/tree\/master\/mysql.  sqlmap. https:\/\/github.com\/sqlmapproject\/testenv\/tree\/master\/mysql.","key":"e_1_3_2_1_33_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_34_1","DOI":"10.1145\/1111037.1111070"},{"unstructured":"Trustwave SpiderLabs. ModSecurity - Open Source Web Application Firewall. http:\/\/www.modsecurity.org.  Trustwave SpiderLabs. ModSecurity - Open Source Web Application Firewall. http:\/\/www.modsecurity.org.","key":"e_1_3_2_1_35_1"},{"unstructured":"WebChess. http:\/\/sourceforge.net\/projects\/webchess\/.  WebChess. http:\/\/sourceforge.net\/projects\/webchess\/.","key":"e_1_3_2_1_36_1"},{"key":"e_1_3_2_1_37_1","volume-title":"OWASP Top 10: The ten most critical web application security risks. Technical report","author":"Williams J.","year":"2013","unstructured":"J. Williams and D. Wichers . OWASP Top 10: The ten most critical web application security risks. Technical report , OWASP Foundation , 2013 . J. Williams and D. Wichers. OWASP Top 10: The ten most critical web application security risks. Technical report, OWASP Foundation, 2013."},{"unstructured":"ZeroCMS. Content management system built using PHP and MySQL. http:\/\/www.aas9.in\/zerocms\/.  ZeroCMS. Content management system built using PHP and MySQL. http:\/\/www.aas9.in\/zerocms\/.","key":"e_1_3_2_1_39_1"}],"event":{"sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"acronym":"CODASPY'16","name":"CODASPY'16: Sixth ACM Conference on Data and Application Security and Privacy","location":"New Orleans Louisiana USA"},"container-title":["Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2857705.2857723","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2857705.2857723","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:12:42Z","timestamp":1750227162000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2857705.2857723"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,3,9]]},"references-count":38,"alternative-id":["10.1145\/2857705.2857723","10.1145\/2857705"],"URL":"https:\/\/doi.org\/10.1145\/2857705.2857723","relation":{},"subject":[],"published":{"date-parts":[[2016,3,9]]},"assertion":[{"value":"2016-03-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}