{"id":"https://openalex.org/W2125321366","doi":"https://doi.org/10.1145/1082983.1083250","title":"Combining static analysis and runtime monitoring to counter SQL-injection attacks","display_name":"Combining static analysis and runtime monitoring to counter SQL-injection attacks","publication_year":2005,"publication_date":"2005-05-17","ids":{"openalex":"https://openalex.org/W2125321366","doi":"https://doi.org/10.1145/1082983.1083250","mag":"2125321366"},"language":"en","primary_location":{"id":"doi:10.1145/1082983.1083250","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1082983.1083250","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5036531724","display_name":"William G. J. Halfond","orcid":"https://orcid.org/0000-0003-4951-9367"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"William G. J. Halfond","raw_affiliation_strings":["","[Georgia Institute of Technology.]"],"affiliations":[{"raw_affiliation_string":"","institution_ids":[]},{"raw_affiliation_string":"[Georgia Institute of Technology.]","institution_ids":["https://openalex.org/I130701444"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030961858","display_name":"Alessandro Orso","orcid":"https://orcid.org/0000-0003-4516-9320"},"institutions":[{"id":"https://openalex.org/I130701444","display_name":"Georgia Institute of Technology","ror":"https://ror.org/01zkghx44","country_code":"US","type":"education","lineage":["https://openalex.org/I130701444"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alessandro Orso","raw_affiliation_strings":["Georgia Institute of Technology","[Georgia Institute of Technology.]"],"affiliations":[{"raw_affiliation_string":"Georgia Institute of Technology","institution_ids":["https://openalex.org/I130701444"]},{"raw_affiliation_string":"[Georgia Institute of Technology.]","institution_ids":["https://openalex.org/I130701444"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5036531724"],"corresponding_institution_ids":["https://openalex.org/I130701444"],"apc_list":null,"apc_paid":null,"fwci":17.7156,"has_fulltext":false,"cited_by_count":107,"citation_normalized_percentile":{"value":0.98890549,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"30","issue":"4","first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9830999970436096,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.9430172443389893},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8623690009117126},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.673412561416626},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5802229046821594},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.5657961964607239},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.439861536026001},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.4222724437713623},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3903292417526245},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.29498928785324097},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28023362159729004},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2340604066848755},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.17443883419036865},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.11954385042190552},{"id":"https://openalex.org/keywords/web-search-query","display_name":"Web search query","score":0.0913475751876831},{"id":"https://openalex.org/keywords/search-engine","display_name":"Search engine","score":0.08258923888206482}],"concepts":[{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.9430172443389893},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8623690009117126},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.673412561416626},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5802229046821594},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.5657961964607239},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.439861536026001},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.4222724437713623},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3903292417526245},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.29498928785324097},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28023362159729004},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2340604066848755},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.17443883419036865},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.11954385042190552},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0913475751876831},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.08258923888206482}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1082983.1083250","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1082983.1083250","pdf_url":null,"source":{"id":"https://openalex.org/S186921487","display_name":"ACM SIGSOFT Software Engineering Notes","issn_l":"0163-5948","issn":["0163-5948","1943-5843"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM SIGSOFT Software Engineering Notes","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7400000095367432,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W1480385994","https://openalex.org/W1565952674","https://openalex.org/W1600965014","https://openalex.org/W1648477960","https://openalex.org/W1809751277","https://openalex.org/W1983142587","https://openalex.org/W1984590780","https://openalex.org/W1994212840","https://openalex.org/W2003115932","https://openalex.org/W2006591097","https://openalex.org/W2015478874","https://openalex.org/W2101699859","https://openalex.org/W2123886726","https://openalex.org/W2128217000","https://openalex.org/W2140506847","https://openalex.org/W2170830071","https://openalex.org/W2914982603","https://openalex.org/W3028818932"],"related_works":["https://openalex.org/W2766465278","https://openalex.org/W3107810407","https://openalex.org/W4298018373","https://openalex.org/W2571113418","https://openalex.org/W4206678297","https://openalex.org/W2359391484","https://openalex.org/W3196457791","https://openalex.org/W2133089983","https://openalex.org/W3202423697","https://openalex.org/W189846524"],"abstract_inverted_index":{"Our":[0],"dependence":[1],"on":[2,161,212,236],"web":[3,32,73,123,215],"applications":[4,33,74],"has":[5,46,49],"steadily":[6],"increased,":[7,47],"and":[8,26,37,57,126,148,153],"we":[9,20,29,134,234],"continue":[10],"to":[11,34,139,151,227],"integrate":[12],"them":[13],"into":[14],"our":[15],"everyday":[16],"routine":[17],"activities.":[18],"When":[19],"are":[21,159,222],"making":[22],"reservations,":[23],"paying":[24],"bills,":[25],"shopping":[27],"on-line,":[28],"expect":[30],"these":[31,44],"be":[35,180],"secure":[36],"reliable.":[38],"However,":[39],"as":[40,107,118],"the":[41,55,66,103,129,162,168,175,183,189,192,199,209,220,231,237],"availability":[42],"of":[43,59,65,70,83,102,174,208,219,230],"services":[45],"there":[48],"been":[50],"a":[51,81,93,98,136,171,205],"corresponding":[52],"increase":[53],"in":[54,86,92,96],"number":[56],"sophistication":[58],"attacks":[60,85,232],"that":[61,100,178,233],"target":[62],"them.":[63],"One":[64],"most":[67],"serious":[68],"types":[69],"attack":[71],"against":[72],"is":[75,80,90,105],"SQL":[76,78,94,110],"injection.":[77,111],"injection":[79],"class":[82],"code-injection":[84],"which":[87],"user":[88],"input":[89,104],"included":[91],"query":[95],"such":[97,117],"way":[99],"part":[101],"treated":[106],"code.":[108],"Using":[109],"attackers":[112],"can":[113],"leak":[114],"confidential":[115],"information,":[116],"credit":[119],"card":[120],"numbers,":[121],"from":[122],"applications'":[124],"databases":[125],"even":[127],"corrupt":[128],"database.":[130,163],"In":[131,164,185],"this":[132],"paper,":[133],"propose":[135],"novel":[137],"technique":[138,143,169,190,210,224],"counter":[140],"SQL-injection.":[141],"The":[142,217],"combines":[144],"conservative":[145,172],"static":[146,166],"analysis":[147],"runtime":[149],"monitoring":[150],"detect":[152],"stop":[154],"illegal":[155],"queries":[156,177,195],"before":[157],"they":[158],"executed":[160],"its":[165,186],"part,":[167,188],"builds":[170],"model":[173],"legitimate":[176],"could":[179],"generated":[181,194],"by":[182],"application.":[184],"dynamic":[187],"inspects":[191],"dynamically":[193],"for":[196],"compliance":[197],"with":[198],"statically-built":[200],"model.":[201],"We":[202],"also":[203],"present":[204],"preliminary":[206],"evaluation":[207,221],"performed":[211,235],"two":[213,238],"small":[214],"applications.":[216,239],"results":[218],"promising---our":[223],"was":[225],"able":[226],"prevent":[228],"all":[229]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":4},{"year":2017,"cited_by_count":7},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":5},{"year":2014,"cited_by_count":5},{"year":2013,"cited_by_count":12},{"year":2012,"cited_by_count":9}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}