Refactoring often requires the reordering of code fragments; such is the case when migrating from one API to another. Performing such reordering manually is complex and error-prone. A specific example in the security domain involves database query execution, in which some of the parameters come from untrusted sources. In Java, the Statement API provides opportunities for SQL injection attacks. The recommended remedy is to replace it with the secure Prepared-Statement API; however, that sometimes requires changing the order in which the query is built. We present an algorithm that performs this migration, moving code as necessary to preserve functionality while changing the structure of the original code as little as possible.
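An added illustration of the reordering the abstract describes (example code, not the paper's own algorithm or implementation), assuming a hypothetical `users` table with `id`, `name` and `age` columns. The query text is built in two steps; with `Statement` the untrusted values are spliced in as the text is built, while with `PreparedStatement` the text must be complete before `prepareStatement()` is called and the values can only be bound afterwards, so the binding code has to move below the point where the query is prepared.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class StatementMigration {

    // Before: the query text is assembled from untrusted input while it is
    // being built and executed afterwards. Concatenation lets the input alter
    // the query's structure, which is the injection risk the abstract refers to.
    static ResultSet findUsersVulnerable(Connection conn, String nameFilter, int minAge)
            throws SQLException {
        String sql = "SELECT id, name FROM users WHERE name LIKE '" + nameFilter + "'";
        sql += " AND age >= " + minAge;
        Statement st = conn.createStatement();
        return st.executeQuery(sql);
    }

    // After: the text is fixed when prepareStatement() runs, so the values
    // cannot be supplied at the point where they were concatenated before.
    // The migration collects them in placeholder order while the text is
    // built, prepares the text, and only then binds them (JDBC indices start at 1).
    static ResultSet findUsersSafe(Connection conn, String nameFilter, int minAge)
            throws SQLException {
        List<Object> params = new ArrayList<>();
        String sql = "SELECT id, name FROM users WHERE name LIKE ?";
        params.add(nameFilter);
        sql += " AND age >= ?";
        params.add(minAge);
        PreparedStatement ps = conn.prepareStatement(sql); // query structure fixed here
        for (int i = 0; i < params.size(); i++) {
            ps.setObject(i + 1, params.get(i));            // values bound as data only
        }
        return ps.executeQuery();
    }
}
```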