Automated Identification of Parameter Mismatches in Web Applications
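% FSE 2008 conference paper. Author names use the "Last, First" form and the
% full given names that other entries in this file already spell out.
% The title is left unbraced so the bibliography style decides its casing;
% it contains no acronym that needs protection.
@inproceedings{halfond08fse,
  author    = {Halfond, William G. J. and Orso, Alessandro},
  title     = {Automated Identification of Parameter Mismatches in Web Applications},
  booktitle = {Proceedings of the {ACM} {SIGSOFT} Symposium on the Foundations of Software Engineering ({FSE} 2008)},
  pages     = {181--191},
  address   = {Atlanta, Georgia, USA},
  month     = nov,
  year      = {2008},
}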
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
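% Journal article. Judging only by the shared title wording and author list,
% this appears to be the journal treatment of the technique in halfond06fse;
% nothing else in this file confirms that relationship.
% The third author's given name is not spelled out anywhere in this file, so
% the initial is kept as given.
@article{halfond08tse,
  author  = {Halfond, William G. J. and Orso, Alessandro and Manolios, P.},
  title   = {{WASP}: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation},
  journal = {{IEEE} Transactions on Software Engineering},
  volume  = {34},
  number  = {1},
  pages   = {65--81},
  year    = {2008},
}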
Improving Test Case Generation for Web Applications Using Automated Interface Discovery
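% ESEC/FSE 2007 conference paper. The source records no page range (it carried
% only an empty placeholder), so the pages field is omitted until it has been
% checked against the proceedings.
@inproceedings{halfond07fse,
  author    = {Halfond, William G. J. and Orso, Alessandro},
  title     = {Improving Test Case Generation for Web Applications Using Automated Interface Discovery},
  booktitle = {Proceedings of the European Software Engineering Conference and {ACM} {SIGSOFT} Symposium on the Foundations of Software Engineering ({ESEC/FSE} 2007)},
  address   = {Dubrovnik, Croatia},
  month     = sep,
  year      = {2007},
}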
Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks
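% FSE 2006 conference paper on countering SQL injection. Only the acronym in
% the title is braced, so a sentence-casing style cannot turn "SQL" into "sql".
% The third author's given name is not spelled out anywhere in this file, so
% the initial is kept as given.
@inproceedings{halfond06fse,
  author    = {Halfond, William G. J. and Orso, Alessandro and Manolios, P.},
  title     = {Using Positive Tainting and Syntax-Aware Evaluation to Counter {SQL} Injection Attacks},
  booktitle = {Proceedings of the {ACM} {SIGSOFT} Symposium on the Foundations of Software Engineering ({FSE} 2006)},
  pages     = {175--185},
  address   = {Portland, Oregon, USA},
  month     = nov,
  year      = {2006},
}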
Command-Form Coverage for Testing Database Applications
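% ASE 2006 conference paper. The title is left unbraced so the bibliography
% style decides its casing; it contains no acronym that needs protection.
@inproceedings{halfond06ase,
  author    = {Halfond, William G. J. and Orso, Alessandro},
  title     = {Command-Form Coverage for Testing Database Applications},
  booktitle = {Proceedings of the {IEEE} and {ACM} International Conference on Automated Software Engineering ({ASE} 2006)},
  pages     = {69--78},
  address   = {Tokyo, Japan},
  month     = sep,
  year      = {2006},
}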
Preventing SQL Injection Attacks Using AMNESIA
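% ICSE 2006 entry from the Formal Demos track, as the booktitle states.
% The source records no page range or location for this entry.
% Both acronyms in the title are braced so a sentence-casing style keeps them.
@inproceedings{halfond06icse,
  author    = {Halfond, William G. J. and Orso, Alessandro},
  title     = {Preventing {SQL} Injection Attacks Using {AMNESIA}},
  booktitle = {28th {IEEE} and {ACM} {SIGSOFT} International Conference on Software Engineering ({ICSE} 2006) -- Formal Demos track},
  month     = may,
  year      = {2006},
}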
A Classification of SQL Injection Attacks and Prevention Techniques
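% Survey-style entry: a classification of SQL-injection attacks and
% countermeasures, per its title. The booktitle spells out "Proceedings" to
% match the other conference entries in this file.
% The source records no page range or location for this entry.
@inproceedings{halfond06issse,
  author    = {Halfond, William G. J. and Viegas, Jeremy and Orso, Alessandro},
  title     = {A Classification of {SQL}-Injection Attacks and Countermeasures},
  booktitle = {Proceedings of the International Symposium on Secure Software Engineering},
  month     = mar,
  year      = {2006},
}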
AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks
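% ASE 2005 conference paper introducing the AMNESIA name.
% The capital letters in the subtitle spell out the acronym
% (Analysis, Monitoring, NEutralizing, SQL-Injection, Attacks), so each of
% those words is braced to survive sentence-casing styles.
% The source records no page range (the field was present but empty), so
% pages is omitted until it has been checked against the proceedings.
@inproceedings{halfond05ase,
  author    = {Halfond, William G. J. and Orso, Alessandro},
  title     = {{AMNESIA}: {Analysis} and {Monitoring} for {NEutralizing} {SQL-Injection} {Attacks}},
  booktitle = {Proceedings of the {IEEE} and {ACM} International Conference on Automated Software Engineering ({ASE} 2005)},
  address   = {Long Beach, CA, USA},
  month     = nov,
  year      = {2005},
}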
Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks
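% WODA 2005 workshop paper on combining static analysis with runtime
% monitoring against SQL injection, per its title.
% OPTnote is not a field that standard styles read, so the proceedings link
% stays an inert annotation exactly as the source had it; it is a plain-http
% address and has not been checked for whether it still resolves.
@inproceedings{halfond05woda,
  author    = {Halfond, William G. J. and Orso, Alessandro},
  title     = {Combining Static Analysis and Runtime Monitoring to Counter {SQL}-Injection Attacks},
  booktitle = {Proceedings of the Third International {ICSE} Workshop on Dynamic Analysis ({WODA} 2005)},
  pages     = {22--28},
  address   = {St. Louis, MO, USA},
  month     = may,
  year      = {2005},
  OPTnote   = {\url{http://www.csd.uwo.ca/woda2005/proceedings.html}},
}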