Abstracting application-level web security
Proceedings of the 11th international conference on World Wide Web
Writing Secure Code
Web application security assessment by fault injection and behavior monitoring
WWW '03 Proceedings of the 12th international conference on World Wide Web
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
SQL DOM: compile time checking of dynamic SQL statements
Proceedings of the 27th international conference on Software engineering
Safe query objects: statically typed objects as remotely executable queries
Proceedings of the 27th international conference on Software engineering
Combining static analysis and runtime monitoring to counter SQL-injection attacks
WODA '05 Proceedings of the third international workshop on Dynamic analysis
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Dynamic Taint Propagation for Java
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Using parse tree validation to prevent SQL injection attacks
SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
InsECTJ: a generic instrumentation framework for collecting dynamic information within Eclipse
eclipse '05 Proceedings of the 2005 OOPSLA workshop on Eclipse technology eXchange
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
DIWeDa - Detecting Intrusions in Web Databases
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Journal of Computing Sciences in Colleges
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Protecting Database Centric Web Services against SQL/XPath Injection Attacks
DEXA '09 Proceedings of the 20th International Conference on Database and Expert Systems Applications
A semantic data validation service for web applications
Journal of Theoretical and Applied Electronic Commerce Research
Users tracking and roles mining in web-based applications
Proceedings of the 2011 Joint EDBT/ICDT Ph.D. Workshop
PSIAQOP: preventing SQL injection attacks based on query optimization process
Proceedings of the Second Kuwait Conference on e-Services and e-Systems
Path sensitive static analysis of web applications for remote code execution vulnerability detection
Proceedings of the 2013 International Conference on Software Engineering
| Hi-index | 0.00 |
AMNESIA is a tool that detects and prevents SQL injection attacks by combining static analysis and runtime monitoring. Empirical evaluation has shown that AMNESIA is both effective and efficient against SQL injection.