KSII Transactions on internet and information systems : TIIS, v.14 no.6, 2020, pp.2576 - 2590
He, Chengwan (School of Computer Science and Engineering, Wuhan Institute of Technology); He, Yue (School of Information Engineering, Wuhan University of Technology)
The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint ana...
Paper published in an open access journal.