Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
暂无分享,去创建一个
[1] Alexander Aiken,et al. Static Detection of Security Vulnerabilities in Scripting Languages , 2006, USENIX Security Symposium.
[2] Anh Nguyen-Tuong,et al. Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.
[3] Michael Franz,et al. Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).
[4] Siddhartha Rai,et al. Safe query objects: statically typed objects as remotely executable queries , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..
[5] James Newsom,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Network and Distributed System Security Symposium Conference Proceedings : 2005 , 2005 .
[6] D. T. Lee,et al. Securing web application code by static analysis and runtime protection , 2004, WWW '04.
[7] Giovanni Vigna,et al. A Learning-Based Approach to the Detection of SQL Attacks , 2005, DIMVA.
[8] Tadeusz Pietraszek,et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation , 2005, RAID.
[9] Richard Sharp,et al. Abstracting application-level web security , 2002, WWW.
[10] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[11] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .
[12] Premkumar T. Devanbu,et al. JDBC checker: a static analysis tool for SQL/JDBC applications , 2004, Proceedings. 26th International Conference on Software Engineering.
[13] Bruce W. Weide,et al. Using parse tree validation to prevent SQL injection attacks , 2005, SEM '05.
[14] R.A. McClure,et al. SQL DOM: compile time checking of dynamic SQL statements , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..
[15] Christopher Krügel,et al. Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[16] Benjamin Livshits,et al. Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.
[17] Shih-Kun Huang,et al. Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.
[18] SQL Injection Signatures Evasion , 2004 .
[19] Zhendong Su,et al. An Analysis Framework for Security in Web Applications , 2004 .
[20] Alessandro Orso,et al. AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.
[21] Premkumar T. Devanbu,et al. Static checking of dynamically generated queries in database applications , 2004, Proceedings. 26th International Conference on Software Engineering.
[22] Angelos D. Keromytis,et al. SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.
[23] Zhendong Su,et al. The essence of command injection attacks in web applications , 2006, POPL '06.
[24] Alessandro Orso,et al. A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.
[25] Benjamin Livshits,et al. Finding application errors and security flaws using PQL: a program query language , 2005, OOPSLA '05.