List of Publications

Publications in 2009:

Precise Interface Identification to Improve Testing and Analysis of Web Applications
W. Halfond, S. Anand, and A. Orso
International Symposium on Testing and Analysis (ISSTA 2009) - Distinguished Paper.
Penetration Testing with Improved Input Vector Identification
W. Halfond, S. Roy Choudhary, and A. Orso
International Conference on Software Testing (ICST 2009).

Publications in 2008:

Web Application Modeling for Testing and Analysis
W. Halfond
Foundations of Software Engineering (FSE 2008) - Doctoral Symposium.
Automated Identification of Parameter Mismatches in Web Applications
W. Halfond and A. Orso
Foundations of Software Engineering (FSE 2008).
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
W. Halfond, A. Orso and P. Manolios
IEEE Transactions on Software Engineering.

Publications in 2007:

Improving Test Case Generation for Web Applications Using Automated Interface Discovery
W. Halfond and A. Orso
Foundations of Software Engineering (ESEC/FSE 2007).
Detection and Prevention of SQL Injection Attacks
W. Halfond and A. Orso
Malware Detection, Series: Advances in Information Security, Springer, Vol. 27

Publications in 2006:

Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks
W. Halfond, A. Orso and P. Manolios
Foundations of Software Engineering (FSE 2006)
Command-Form Coverage for Testing Database Applications
W. Halfond and A. Orso
Automated Software Engineering (ASE 2006)
Preventing SQL Injection Attacks Using AMNESIA
W. Halfond and A. Orso
International Conference on Software Engineering (ICSE 2006) - Formal Demo
A Classification of SQL Injection Attacks and Prevention Techniques
W. Halfond, J. Viegas and A. Orso
International Symposium on Secure Software Engineering (ISSSE 2006)

Publications in 2005:

AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks
W. Halfond and A. Orso
Automated Software Engineering (ASE 2005)
Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks
W. Halfond and A. Orso
Workshop on Dynamic Analysis (WODA 2005)