Automatically preparing safe SQL queries

Interprocedural slicing using dependence graphs

PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation

Efficiently computing static single assignment form and the control dependence graph

ACM Transactions on Programming Languages and Systems (TOPLAS)

Symbolic execution and program testing

Communications of the ACM

Writing Secure Code

Writing Secure Code

Static approximation of dynamically generated Web pages

WWW '05 Proceedings of the 14th international conference on World Wide Web

AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering

Using parse tree validation to prevent SQL injection attacks

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware

The essence of command injection attacks in web applications

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy

Precise alias analysis for static detection of web application vulnerabilities

Proceedings of the 2006 workshop on Programming languages and analysis for security

Using positive tainting and syntax-aware evaluation to counter SQL injection attacks

Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering

Application layer intrusion detection for SQL injection

Proceedings of the 44th annual Southeast regional conference

Sound and precise analysis of web applications for injection vulnerabilities

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation

Finding security vulnerabilities in java applications with static analysis

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14

Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15

Static detection of security vulnerabilities in scripting languages

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15

A Static Analysis Framework For Detecting SQL Injection Vulnerabilities

COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01

CANDID: preventing sql injection attacks using dynamic candidate evaluations

Proceedings of the 14th ACM conference on Computer and communications security

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy

Automated Fix Generator for SQL Injection Attacks

ISSRE '08 Proceedings of the 2008 19th International Symposium on Software Reliability Engineering

On automated prepared statement generation to remove SQL injection vulnerabilities

Information and Software Technology

SQLProb: a proxy-based architecture towards preventing SQL injection attacks

Proceedings of the 2009 ACM symposium on Applied Computing

TAJ: effective taint analysis of web applications

Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation

Automatic creation of SQL Injection and cross-site scripting attacks

ICSE '09 Proceedings of the 31st International Conference on Software Engineering

A learning-based approach to the detection of SQL attacks

DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Defending against injection attacks through context-sensitive string evaluation

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection