Defining and Preventing Code-injection Attacks
作者: Donald Ray
DOI:
关键词:
摘要:
参考文章(28)
William G.J. Halfond, Alessandro Orso, Jeremy Viegas, A Classification of SQL-Injection Attacks and Countermeasures Proceedings of the International Symposium on Secure Software Engineering. ,(2006)
Chris Anley, Advanced SQL Injection In SQL Server Applications ,(2002)
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans, Automatically Hardening Web Applications Using Precise Tainting information security conference. pp. 295- 307 ,(2004) , 10.1007/0-387-25660-1_20
Sandeep Bhatkar, R. Sekar, Wei Xu, Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks usenix security symposium. pp. 9- ,(2006)
Tadeusz Pietraszek, Chris Vanden Berghe, Defending Against Injection Attacks Through Context-Sensitive String Evaluation Lecture Notes in Computer Science. pp. 124- 145 ,(2006) , 10.1007/11663812_7
James Cheney, Michael W. Hicks, Yanling Wang, Dan Grossman, J. Greg Morrisett, Trevor Jim, Cyclone: A Safe Dialect of C usenix annual technical conference. pp. 275- 288 ,(2002)
Sruthi Bandhakavi, Prithvi Bisht, P. Madhusudan, V. N. Venkatakrishnan, CANDID: preventing sql injection attacks using dynamic candidate evaluations computer and communications security. pp. 12- 24 ,(2007) , 10.1145/1315245.1315249
Gary Wassermann, Zhendong Su, Sound and precise analysis of web applications for injection vulnerabilities Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation - PLDI '07. ,vol. 42, pp. 32- 41 ,(2007) , 10.1145/1250734.1250739
Gregory T. Buehrer, Bruce W. Weide, Paolo A. G. Sivilotti, Using parse tree validation to prevent SQL injection attacks Proceedings of the 5th international workshop on Software engineering and middleware - SEM '05. pp. 106- 113 ,(2005) , 10.1145/1108473.1108496
Prithvi Bisht, P. Madhusudan, V. N. Venkatakrishnan, CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks ACM Transactions on Information and System Security. ,vol. 13, pp. 14- ,(2010) , 10.1145/1698750.1698754