情報保護學會論文誌 = Journal of the Korea Institute of Information Security and Cryptology, v.18 no.5, 2008, pp. 135-148
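이인용 (Korea University, Graduate School of Information Management and Security), 조재익 (Korea University, Graduate School of Information Management and Security), 조규형 (Korea University, Graduate School of Information Management and Security), 문종섭 (Korea University, Graduate School of Information Management and Security)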
The expansion of the internet has made web applications a part of everyday life. As a result, the number of incidents that exploit web application vulnerabilities is increasing. A large percentage of these incidents are SQL Injection attacks, which are a serious security threat to databases w...