Sciweavers

PAAMS
2010
Springer
13 years 9 months ago
Unsupervised Visualization of SQL Attacks by Means of the SCMAS Architecture
This paper presents an improvement of the SCMAS architecture aimed at securing SQL-run databases. The main goal of such architecture is the detection and prevention of SQL injectio...
Álvaro Herrero, Cristian Pinzón, Emi...
ISSRE
2010
IEEE
13 years 10 months ago
Security Trend Analysis with CVE Topic Models
We study the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability typ...
Stephan Neuhaus, Thomas Zimmermann
CCS
2010
ACM
13 years 10 months ago
TAPS: automatically preparing safe SQL queries
We present the first sound program transformation approach for automatically transforming the code of a legacy web application to employ PREPARE statements in place of unsafe SQL...
Prithvi Bisht, A. Prasad Sistla, V. N. Venkatakris...
TSE
2008
13 years 11 months ago
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. ...
William G. J. Halfond, Alessandro Orso, Pete Manol...
HAIS
2008
Springer
14 years 17 days ago
Classification Agent-Based Techniques for Detecting Intrusions in Databases
This paper presents an agent specially designed for the prevention and detection of SQL injection at the database layer of an application. The agent incorporates a Case-based reaso...
Cristian Pinzón, Yanira de Paz, Rosa Cano
FC
2010
Springer
14 years 3 months ago
Automatically Preparing Safe SQL Queries
We present the first sound program source transformation approach for automatically transforming the code of a legacy web application to employ PREPARE statements in place of unsa...
Prithvi Bisht, A. Prasad Sistla, V. N. Venkatakris...
EDO
2005
Springer
14 years 5 months ago
Using parse tree validation to prevent SQL injection attacks
An SQL injection attack targets interactive web applications that employ database services. Such applications accept user input, such as form fields, and then include this input ...
Gregory Buehrer, Bruce W. Weide, Paolo A. G. Sivil...
KBSE
2005
IEEE
14 years 5 months ago
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
The use of web applications has become increasingly popular in our routine activities, such as reading the news, paying bills, and shopping on-line. As the availability of these s...
William G. J. Halfond, Alessandro Orso
ACMSE
2006
ACM
14 years 5 months ago
Application layer intrusion detection for SQL injection
SQL injection attacks potentially affect all applications, especially web applications, that utilize a database backend. While these attacks are generally against the application...
Frank S. Rietta
ACSAC
2007
IEEE
14 years 5 months ago
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection
With the recent rapid increase in interactive web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats....
Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hish...