To apply our analysis work to industry security applications, we are investigating semantic metadata and structural syntax analysis. This paper uses industry scenarios to explain how our approaches achieve this goal in terms of static and dynamic analysis. To better explain the framework and roadmap, we describe our approaches through separate macro and micro views. The macro view oversees syntax structure and identification, while the micro view envisions metadata messaging and a parser automaton. Together, the macro and micro views form a web security framework for tracking and validation. Our research applies the security service to industry fraud detection. It demonstrates metadata messaging for tracking and HIPA code generation for validation. This bridges the gap between static and dynamic analysis and lays the foundation for web security governance.