Publications in 2009:
Precise Interface Identification to Improve Testing and Analysis of Web Applications
International Symposium on Testing and Analysis (ISSTA 2009) - Distinguished Paper.
Penetration Testing with Improved Input Vector Identification
International Conference on Software Testing (ICST 2009).
Publications in 2008:
Web Application Modeling for Testing and Analysis
Foundations of Software Engineering (FSE 2008) - Doctoral Symposium.
Automated Identification of Parameter Mismatches in Web Applications
Foundations of Software Engineering (FSE 2008).
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
IEEE Transactions on Software Engineering.
Publications in 2007:
Improving Test Case Generation for Web Applications Using Automated Interface Discovery
Foundations of Software Engineering (ESEC/FSE 2007).
Detection and Prevention of SQL Injection Attacks
Malware Detection, Series: Advances in Information Security, Springer, Vol. 27
Publications in 2006:
Using Positive Tainting and Syntax-Aware Evaluation to Counter SQL Injection Attacks
Foundations of Software Engineering (FSE 2006)
Command-Form Coverage for Testing Database Applications
Automated Software Engineering (ASE 2006)
Preventing SQL Injection Attacks Using AMNESIA
International Conference on Software Engineering (ICSE 2006) - Formal Demo
A Classification of SQL Injection Attacks and Prevention Techniques
International Symposium on Secure Software Engineering (ISSSE 2006)