Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks: Difference between revisions
Programsam (talk | contribs) Created page with "B. Smith, L. Williams, A. Austin, "Idea: Using System Level Testing for Revealing SQL Injection-Related Error Message Information Leaks", Lecture Notes in Computer Science, vo..."
Programsam (talk | contribs)
Line 8:
== 12. References ==
: <sup>[1]</sup> Halfond, W.G.J., Orso, A.: AMNESIA: analysis and monitoring for neutralizing SQL-injection attacks. 20th IEEE/ACM International Conference on Automated Software Engineering, Long Beach, CA, USA (2005) 174-183
: <sup>[2]</sup> Kosuga, Y., Kono, K., Hanaoka, M., Hishiyama, M., Takahama, Y.: Sania: syntactic and semantic analysis for automated testing against SQL injection. 23rd Annual Computer Security Applications Conference, Miami Beach, FL (2007) 107-117
: <sup>[3]</sup> Pietraszek, T., Berghe, C.V.: Defending against injection attacks through context-sensitive string evaluation. Recent Advances in Intrusion Detection (RAID), Vol. 3858 / 2006. Springer, Berlin, Germany (2006) 124-145
: <sup>[4]</sup> Aslam, T., Krsul, I., Spafford, E.: Use of a taxonomy of security faults. 19th National Information Systems Security Conference, Baltimore, MD (1996) 551-560
: <sup>[5]</sup> Tsipenyuk, K., Chess, B., McGraw, G.: Seven pernicious kingdoms: a taxonomy of software security errors. IEEE Security & Privacy 3 (2005) 81-84
: <sup>[6]</sup> IEEE: IEEE Standard 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology. (1990)
: <sup>[7]</sup> Beck, K.: Test-driven development: By example. Addison-Wesley, Boston, MA, USA (2003)
: <sup>[8]</sup> McGraw, G.: Software security: Building security in. Addison-Wesley, Upper Saddle River, NJ (2006)
: <sup>[9]</sup> Smith, B., Shin, Y., Williams, L.: Proposing SQL statement coverage metrics. The 4th International Workshop on Software Engineering for Secure Systems at the 30th International Conference on Software Engineering, Leipzig, Germany (2008) 49-56
: <sup>[10]</sup> Jiang, Y., Cukic, B., Menzies, T.: Fault Prediction using Early Lifecycle Data. Software Reliability, 2007. ISSRE '07. The 18th IEEE International Symposium on (2007) 237-246
: <sup>[11]</sup> Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in Java applications with static analysis. USENIX Security Symposium, Baltimore, MD (2005) 18-18
: <sup>[12]</sup> Bauer, C., King, G.: Hibernate in Action. Manning Publications (2004)
: <sup>[13]</sup> Brown, M., Tapolcsanyi, E.: Mock object patterns. The 10th Conference on Pattern Languages of Programs, Monticello, USA (2003)
: <sup>[14]</sup> Thomas, S., Williams, L.: Using automated fix generation to secure SQL statements. Proceedings of the Third International Workshop on Software Engineering for Secure Systems, Minneapolis, MN (2007)
== 13. End Notes ==
[[Category:Conference Papers]]