Volume , Issue , 2012, Pages 1293-1296

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities

Author keywords

data mining; defect prediction; input sanitization; static code attributes; web security vulnerabilities

Indexed keywords

CROSS SITE SCRIPTING; CYCLOMATIC COMPLEXITY; DATA MINING METHODS; DEFECT PREDICTION; LINES OF CODE; SANITIZATION; SOFTWARE MODULES; SQL INJECTION; STATIC CODES; WEB APPLICATION; WEB APPLICATION VULNERABILITY; WEB SECURITY;

EID: 84864239564     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSE.2012.6227096     Document Type: Conference Paper
Times cited : (54)

References (14)
  • 1. N. F. Schneidewind, "Methodology for validating software metrics," IEEE Trans. Softw. Eng., vol. 18(5), 1992, pp. 410-422. (Scopus: 0026869449)
  • 2. T. McCabe, "A complexity measure," IEEE Trans. Softw. Eng., vol. 2(4), 1976, pp. 308-320. (Scopus: 0017291489)
  • 3. T. Menzies, J. Greenwald, and A. Frank, "Data mining static code attributes to learn defect predictors," IEEE Trans. Softw. Eng., vol. 33(1), 2007, pp. 2-13. (Scopus: 33845782503)
  • 4. S. Lessmann, B. Baesens, C. Mues, and S. Pietsch, "Benchmarking classification models for software defect prediction: a proposed framework and novel findings," IEEE Trans. Softw. Eng., vol. 34(4), 2008, pp. 485-496. (Scopus: 49349089233)
  • 5. T. Zimmermann and N. Nagappan, "Predicting defect using network analysis on dependency graphs," In ICSE'08, 2008, pp. 531-540. (Scopus: 57349095431)
  • 6. N. Jovanovic, C. Kruegel, and E. Kirda, "Pixy: a static analysis tool for detecting web application vulnerabilities," In S&P'06, 2006, pp. 258-263. (Scopus: 33751027156)
  • 7. Y. Xie and A. Aiken, "Static detection of security vulnerabilities in scripting languages," In USENIX Security'06, 2006, pp. 179-192. (Scopus: 84910681237)
  • 8. G. Wassermann and Z. Su, "Static detection of cross-site scripting vulnerabilities," In ICSE'08, 2008, pp. 171-180. (Scopus: 57349153984)
  • 9. A. Kieżun, P. J. Guo, K. Jayaraman, and M. D. Ernst, "Automatic creation of SQL injection and cross-site scripting attacks," In ICSE'09, 2009, pp. 199-209. (Scopus: 77949879017)
  • 10. M. Martin and M. S. Lam, "Automatic generation of XSS and SQL injection attacks with goal-directed model checking," In USENIX Security'08, 2008, pp. 31-43. (Scopus: 85084163766)
  • 11. OWASP Top 10, 2010, http://www.owasp.org/ (Scopus: 79952032085)
  • 12. I. H. Witten and E. Frank, Data Mining, 2nd ed., Morgan Kaufmann, Los Altos, CA, 2005. (Scopus: 0004204162)
  • 13. T. Mende, "Replication of defect prediction studies: problems, pitfalls and recommendations," In PROMISE'10, 2010. (Scopus: 79955126989)
  • 14. T. Menzies, Z. Milton, B. Turhan, B. Cukic, Y. Jiang, and A. Bener, "Defect prediction from static code features: current results, limitations, new approaches," Autom. Softw. Eng., vol. 17(4), 2010, pp. 375-407. (Scopus: 77956972220)


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS DB.