An approach for SQL injection vulnerability detection

ITNG 2009 - 6th International Conference on Information Technology: New Generations

Volumn , Issue , 2009, Pages 1411-1414

  MeiJunjin, ^a  

^a HUBEI POLYTECHNIC UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

FALSE NEGATIVES; FALSE POSITIVE; PROTOTYPE TOOLS; RESEARCH OBJECTIVES; RUNTIMES; SQL INJECTION; VULNERABILITY DETECTION; WEB APPLICATION;

AUTOMATIC TESTING; INFORMATION TECHNOLOGY; STATIC ANALYSIS;

RESEARCH;

EID: 77951105286     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ITNG.2009.34     Document Type: Conference Paper

References (9)

1. "OWASPD - Open Web Application Security Project. Top ten most critical web application vulnerabilities," 2005.
2. C. Anley, Advanced SQL Injection In SQL Server Applications. White Paper, Next Generation Security Software Ltd., 2000. http://www.ngssoftware.com/ papers/advanced-sql-injection.pdf.
3. B. Arkin, S. Stender, and G. McGraw, "Software Penetration Testing," IEEE Security and Privacy, vol.3, no.1, pp. 84-87, 2005.
4. L. Auronen, "Tool-Based Approach to Assessing Web Application Security," Helsinki University of Technology, November, 2002.
5. R. A. Baker, "Code Reviews Enhance Software Quality," In Proceedings of the 19th international conference on Software engineering (ICSE'97) pp. 570-571, Boston, MA, USA. 1997.
6. P. Chandra, B. Chess, and J. Steven, "Putting the Tools to Work: How to Succeed with Source Code Analysis," IEEE Security and Privacy, vol.4, no.3, pp. 80-83, 2006.
7. B. Chess and G. McGraw, "Static analysis for security," IEEE Security and Privacy, vol.2, no.6, pp. 76-79, 2004.
8. A. S. Christensen, A. Mller, and M. I. Schwartzbach, "Extending Java for high-level Web service construction," ACM Transactions on Program ming Languages and Systems, vol.25, no.6, pp. 814-875, 2003. (Pubitemid 41283893)
9. A. S. Christensen, A. Mller, and M. I. Schwartzbach, "Precise Analysis of String Expressions," In Proceedings of the 10th International Static Analysis Symposium(SAS 03), pp. 1-18, June. 2003.