Proposing SQL Statement Coverage Metrics: Difference between revisions
Programsam (talk | contribs) |
<span id="footnote"><sup>[1]</sup> We counted the reported instances of vulnerabilities by using the keywords “SQL injection”, “cross-site scripting”, “XSS”, and “buffer overflow” within the input validation error category from NVD.</span>
<span id="zhuHallMay"><sup>[2]</sup> H. Zhu, P. A. V. Hall, and J. H. R. May, "Software Unit Test Coverage and Adequacy," ACM Computing Surveys, vol. 29, no. 4, 1997.</span>
<span id="beizer"><sup>[3]</sup> B. Beizer, Software testing techniques: Van Nostrand Reinhold Co. New York, NY, USA, 1990.</span>
<span id="scottSharp"><sup>[4]</sup> Scott and R. Sharp, "Developing secure Web applications," Internet Computing, IEEE, vol. 6, no. 6, pp. 38-45, 2002.</span>
<span id="ogren"><sup>[5]</sup> E. Ogren, "App Security's Evolution," in DarkReading.com, 2007.</span>
<span id="mcgraw"><sup>[6]</sup> McGraw, Software Security: Building Security in. Upper Saddle River, NJ: Addison-Wesley Professional, 2006.</span>
<span id="offutt"><sup>[7]</sup> J. Offutt, "Quality attributes of Web software applications," IEEE Software, vol. 19, no. 2, pp. 25-32, 2002.</span>
<span id="brenner"><sup>[8]</sup> B. Brenner, "CSI 2007: Developers need Web application security assistance," in SearchSecurity.com, 2007.</span>
<span id="thompson"><sup>[9]</sup> H. H. Thompson and J. A. Whittaker, "Testing for software security," Dr. Dobb's Journal, vol. 27, no. 11, pp. 24-34, 2002.</span>
<span id="cobb"><sup>[10]</sup> M. Cobb, "Making the case for Web application vulnerability scanners," in SearchSecurity.com, 2007.</span>