{"id":"https://openalex.org/W2047314534","doi":"https://doi.org/10.1145/1370905.1370912","title":"Proposing SQL statement coverage metrics","display_name":"Proposing SQL statement coverage metrics","publication_year":2008,"publication_date":"2008-05-15","ids":{"openalex":"https://openalex.org/W2047314534","doi":"https://doi.org/10.1145/1370905.1370912","mag":"2047314534"},"language":"en","primary_location":{"id":"doi:10.1145/1370905.1370912","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1370905.1370912","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the fourth international workshop on Software engineering for secure systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102452504","display_name":"Ben Smith","orcid":"https://orcid.org/0000-0002-9233-1389"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ben Smith","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020844039","display_name":"Yonghee Shin","orcid":null},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yonghee Shin","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028171895","display_name":"Laurie Williams","orcid":"https://orcid.org/0000-0003-3300-6540"},"institutions":[{"id":"https://openalex.org/I137902535","display_name":"North Carolina State University","ror":"https://ror.org/04tj63d06","country_code":"US","type":"education","lineage":["https://openalex.org/I137902535"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Laurie Williams","raw_affiliation_strings":["North Carolina State University, Raleigh, NC, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"North Carolina State University, Raleigh, NC, USA","institution_ids":["https://openalex.org/I137902535"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.0056,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.96559374,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"49","last_page":"56"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9873999953269958,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.815066933631897},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.729333221912384},{"id":"https://openalex.org/keywords/statement","display_name":"Statement (logic)","score":0.6017706990242004},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.574552595615387},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5605359673500061},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5533813238143921},{"id":"https://openalex.org/keywords/suite","display_name":"Suite","score":0.5196786522865295},{"id":"https://openalex.org/keywords/data-validation","display_name":"Data validation","score":0.49091798067092896},{"id":"https://openalex.org/keywords/blacklist","display_name":"Blacklist","score":0.4666236639022827},{"id":"https://openalex.org/keywords/test-suite","display_name":"Test suite","score":0.45744866132736206},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4482451379299164},{"id":"https://openalex.org/keywords/variable","display_name":"Variable (mathematics)","score":0.43587642908096313},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.35364049673080444},{"id":"https://openalex.org/keywords/test-case","display_name":"Test case","score":0.331085741519928},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.31721803545951843},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.17496201395988464},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1342436671257019},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.13376015424728394},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.13173556327819824},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.09786820411682129}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.815066933631897},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.729333221912384},{"id":"https://openalex.org/C2777026412","wikidata":"https://www.wikidata.org/wiki/Q2684591","display_name":"Statement (logic)","level":2,"score":0.6017706990242004},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.574552595615387},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5605359673500061},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5533813238143921},{"id":"https://openalex.org/C79581498","wikidata":"https://www.wikidata.org/wiki/Q1367530","display_name":"Suite","level":2,"score":0.5196786522865295},{"id":"https://openalex.org/C92446256","wikidata":"https://www.wikidata.org/wiki/Q3306762","display_name":"Data validation","level":2,"score":0.49091798067092896},{"id":"https://openalex.org/C2781345505","wikidata":"https://www.wikidata.org/wiki/Q2535979","display_name":"Blacklist","level":2,"score":0.4666236639022827},{"id":"https://openalex.org/C151552104","wikidata":"https://www.wikidata.org/wiki/Q7705809","display_name":"Test suite","level":4,"score":0.45744866132736206},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4482451379299164},{"id":"https://openalex.org/C182365436","wikidata":"https://www.wikidata.org/wiki/Q50701","display_name":"Variable (mathematics)","level":2,"score":0.43587642908096313},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.35364049673080444},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.331085741519928},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.31721803545951843},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.17496201395988464},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1342436671257019},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.13376015424728394},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.13173556327819824},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.09786820411682129},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C152877465","wikidata":"https://www.wikidata.org/wiki/Q208042","display_name":"Regression analysis","level":2,"score":0.0},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1370905.1370912","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1370905.1370912","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the fourth international workshop on Software engineering for secure systems","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.472.9113","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.472.9113","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://collaboration.csc.ncsu.edu/laurie/Papers/p49-smith.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.568.7918","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.568.7918","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www4.ncsu.edu/~yshin2/papers/sess2008_smith.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7599999904632568,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W23242426","https://openalex.org/W1598083179","https://openalex.org/W1648477960","https://openalex.org/W2001693166","https://openalex.org/W2003115932","https://openalex.org/W2015004885","https://openalex.org/W2023730632","https://openalex.org/W2075884868","https://openalex.org/W2102632372","https://openalex.org/W2107531799","https://openalex.org/W2132791332","https://openalex.org/W2137296056","https://openalex.org/W2144696387","https://openalex.org/W2154897437","https://openalex.org/W4285719527","https://openalex.org/W6600277068","https://openalex.org/W6636851664"],"related_works":["https://openalex.org/W2038167710","https://openalex.org/W1598160211","https://openalex.org/W2179621094","https://openalex.org/W2067499928","https://openalex.org/W1524028411","https://openalex.org/W2138059712","https://openalex.org/W2018145554","https://openalex.org/W2127248783","https://openalex.org/W1793348505","https://openalex.org/W4256285596"],"abstract_inverted_index":{"An":[0],"increasing":[1],"number":[2],"of":[3,51],"cyber":[4],"attacks":[5],"are":[6],"occurring":[7],"at":[8],"the":[9,49,72,155],"application":[10,142,158],"layer":[11],"when":[12],"attackers":[13],"use":[14],"malicious":[15],"input.":[16],"These":[17],"input":[18,86,95,114,166],"validation":[19,87,115],"vulnerabilities":[20],"can":[21,106],"be":[22,107],"exploited":[23],"by":[24],"(among":[25],"others)":[26],"SQL":[27,84],"injection,":[28],"cross":[29],"site":[30],"scripting,":[31],"and":[32,38,53,94,143,164],"buffer":[33],"overflow":[34],"attacks.":[35],"Statement":[36],"coverage":[37,93,163],"similar":[39],"test":[40,99],"adequacy":[41,89,104],"metrics":[42,66],"have":[43,150],"historically":[44],"been":[45,58],"used":[46],"to":[47,126],"assess":[48],"level":[50],"functional":[52],"unit":[54],"testing":[55,88],"which":[56,101],"has":[57],"performed":[59],"on":[60,138],"an":[61],"application.":[62],"However,":[63],"these":[64],"currently-available":[65],"do":[67],"not":[68],"highlight":[69],"how":[70],"well":[71],"system":[73],"protects":[74],"itself":[75],"through":[76],"validation.":[77],"In":[78],"this":[79],"paper,":[80],"we":[81,133,149],"propose":[82],"two":[83,131],"injection":[85],"metrics:":[90],"target":[91,161],"statement":[92,162],"variable":[96,167],"coverage.":[97,168],"A":[98],"suite":[100],"satisfies":[102],"both":[103],"criteria":[105],"leveraged":[108],"as":[109],"a":[110,118,135,139],"solid":[111],"foundation":[112],"for":[113,129],"scanning":[116],"with":[117],"blacklist.":[119],"To":[120],"determine":[121],"whether":[122],"it":[123],"is":[124],"feasible":[125],"calculate":[127],"values":[128],"our":[130],"metrics,":[132],"perform":[134],"case":[136],"study":[137],"web":[140,156],"healthcare":[141,157],"discuss":[144],"some":[145],"issues":[146],"in":[147],"implementation":[148],"encountered.":[151],"We":[152],"find":[153],"that":[154],"scored":[159],"96.7%":[160],"98.5%":[165]},"counts_by_year":[{"year":2016,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}