Journal of Engineering and Applied Sciences

Year: 2018
Volume: 13
Issue: 20
Page No. 8426 - 8431

Security Testing of Web Applications for Detecting and Exploiting Second-Order SQL Injection Vulnerabilities

Authors: Najla’a Ateeq Mohammed Draib, Abu Bakar Md Sultan, Abdul Azim B Abd Ghani and Hazura Zulzalil

