Sciweavers

42 search results - page 1 / 9
POPL
2006
ACM
14 years 3 months ago
The essence of command injection attacks in web applications
Web applications typically interact with a back-end database to retrieve persistent data and then present the data to the user as dynamically generated output, such as HTML web pa...
Zhendong Su, Gary Wassermann
ACSAC
2007
IEEE
13 years 10 months ago
Sania: Syntactic and Semantic Analysis for Automated Testing against SQL Injection
With the recent rapid increase in interactive web applications that employ back-end database services, an SQL injection attack has become one of the most serious security threats....
Yuji Kosuga, Kenji Kono, Miyuki Hanaoka, Miho Hish...
IJSSE
2010
13 years 26 days ago
Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
This paper presents an approach for retrofitting existing web applications with runtime protection against known as well as unseen SQL injection attacks (SQLIAs) without the invol...
San-Tsai Sun, Konstantin Beznosov
WWW
2007
ACM
14 years 4 months ago
Defeating script injection attacks with browser-enforced embedded policies
Web sites that accept and display content such as wiki articles or comments typically filter the content to prevent injected script code from running in browsers that view the sit...
Trevor Jim, Nikhil Swamy, Michael Hicks
IEEEARES
2008
IEEE
13 years 10 months ago
Evaluation of Anomaly Based Character Distribution Models in the Detection of SQL Injection Attacks
The ubiquity of web applications has led to an increased focus on the development of attacks targeting these applications. One particular type of attack that has recently become p...
Mehdi Kiani, Andrew Clark, George M. Mohay