AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
暂无分享,去创建一个
[1] Richard Sharp,et al. Abstracting application-level web security , 2002, WWW.
[2] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .
[3] Stuart McDonald. SQL Injection: Modes of attack, defence, and why it matters , 2002 .
[4] Angelos D. Keromytis,et al. Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.
[5] Shih-Kun Huang,et al. Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.
[6] Aske Simon Christensen,et al. Precise Analysis of String Expressions , 2003, SAS.
[7] Angelos D. Keromytis,et al. SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.
[8] Monica S. Lam,et al. Finding Application Errors Using PQL: a Program Query Language , 2004 .
[9] Premkumar T. Devanbu,et al. JDBC checker: a static analysis tool for SQL/JDBC applications , 2004, Proceedings. 26th International Conference on Software Engineering.
[10] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.
[11] Zhendong Su,et al. An Analysis Framework for Security in Web Applications , 2004 .
[12] Alessandro Orso,et al. A generic instrumentation framework for collecting dynamic information , 2004, SOEN.
[13] Premkumar T. Devanbu,et al. Static checking of dynamically generated queries in database applications , 2004, Proceedings. 26th International Conference on Software Engineering.
[14] Alessandro Orso,et al. Combining static analysis and runtime monitoring to counter SQL-injection attacks , 2005 .
[15] Benjamin Livshits,et al. Finding application errors and security flaws using PQL: a program query language , 2005, OOPSLA '05.
[16] Benjamin Livshits,et al. Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.
[17] S. Rai,et al. Safe query objects: statically typed objects as remotely executable queries , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..
[18] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[19] Giovanni Vigna,et al. A Learning-Based Approach to the Detection of SQL Attacks , 2005, DIMVA.
[20] Tadeusz Pietraszek,et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation , 2005, RAID.
[21] R.A. McClure,et al. SQL DOM: compile time checking of dynamic SQL statements , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..