[1] |
OWASP. The ten most critical Web application security risks[S]. OWASP Top 10, 2017.
|
[2] |
ANTUNES N , VIEIRA M . Designing vulnerability testing tools for Web services:approach,components,and tools[J]. International Journal of Information Security, 2017,16(4): 435-457.
|
[3] |
ANTUNES N , VIEIRA M . Penetration testing for Web services[J]. IEEE Computer, 2014,47(2): 30-36.
|
[4] |
DEEPA G , THILAGAM P S . Securing Web applications from injection and logic vulnerabilities:approaches and challenges[J]. Information and Software Technology, 2016,74(6): 160-180.
|
[5] |
DALAI A K , JENA S K . Neutralizing SQL injection attack using server side code modification in Web applications[J]. Security &Communication Networks, 2017,2017(2): 1-12.
|
[6] |
乐德广, 李鑫, 龚声蓉 ,等. 新型二阶 SQL 注入技术研究[J]. 通信学报, 2015,36(Z1): 85-93.
|
|
LE D G , LI X , GONG S R ,et al. Research on second-order SQL injection techniques[J]. Journal on Communications, 2015,36(Z1): 85-93.
|
[7] |
HALFOND W G J , CHOUDHARY S R , ORSO A . Improving penetration testing through static and dynamic analysis[J]. Software Testing Verification & Reliability, 2011,21(3): 195-214.
|
[8] |
SALAS M I P , MARTINS E . A black-box approach to detect vulnerabilities in Web services using penetration testing[J]. IEEE Latin America Transactions, 2015,13(3): 707-712.
|
[9] |
CHEN J M , WU C L . An automated vulnerability scanner for injection attack based on injection point[C]// IEEE International Computer Symposium (ICS). 2010: 113-118.
|
[10] |
ALENEZI M , JAVED Y . Open source Web application security:a static analysis approach[C]// IEEE International Conference on Engineering & MIS (ICEMIS). 2016: 1-5.
|
[11] |
KIM M Y , LEE D H . Data-mining based SQL injection attack detection using internal query trees[J]. Expert Systems with Applications, 2014,41(11): 5416-5430.
|
[12] |
JANG Y S , CHOI J Y . Detecting SQL injection attacks using query result size[J]. Computers & Security, 2014,44(2): 104-118.
|
[13] |
KAR D , PANIGRAHI S , SUNDARARAJAN S . SQLiGoT:detecting SQL injection attacks using graph of tokens and SVM[J]. Computers& Security, 2016,60(3): 206-225.
|
[14] |
KIEZUN A , GUO P J , JAYARAMAN K ,et al. Automatic creation of SQL Injection and cross-site scripting attacks[C]// 31st IEEE International Conference on Software Engineering. 2009: 199-209.
|
[15] |
HUANG H C , ZHANG Z K , CHENG H W ,et al. Web application security:threats,counter measures,and pitfalls[J]. IEEE Computer, 2017,50(6): 81-85.
|
[16] |
DAHSE J , HOLZ T . Static detection of second-order vulnerabilities in Web applications[C]// 23rd USENIX conference on Security Symposium (USENIX). 2014: 989-1003.
|
[17] |
YAN L , LI X H , FENG R T ,et al. Detection method of the second-order SQL injection in Web applications[J]. Lecture Notes in Computer Science, 2014,8332(1): 154-165.
|
[18] |
MARBACK A , DO H , HE K ,et al. A threat model-based approach to security testing[J]. Software-Practice & Experience, 2013,43(2): 241-258.
|
[19] |
XIONG P L . A model-driven penetration test framework for Web applications[D]. University of Ottawa, 2012.
|
[20] |
KAUR N , KAUR P . Modeling a SQL injection attack[C]// 3rd IEEE International Conference on Computing for Sustainable Global Development (INDIACom). 2016: 77-82.
|
[21] |
BYERS D , SHAHMEHRI N . Unified modeling of attacks,vulnerabilities[C]// ICSE Workshop on Software Engineering for Secure Systems (SESS). 2010: 36-42.
|
[22] |
田伟, 许静, 杨巨峰 ,等. 模型驱动的Web应用SQL注入渗透测试[J]. 高技术通讯, 2012,22(11): 1161-1168.
|
|
TIAN W , XU J , YANG J F ,et al. Model-driven penetration test of the SQL injection in Web applications[J]. Chinese High Technology Letters, 2012,22(11): 1161-1168.
|
[23] |
VIBHANDIK R , BOSE A K . Vulnerability assessment of Web applications - a testing approach[C]// 4th IEEE International Conference on e-Technologies and Networks for Development (ICeND). 2015: 1-6.
|
[24] |
LIBAN A , HILLES S M . Enhancing MySQL injector vulnerability checker tool (mysql injector) using inference binary search algorithm for blind timing-based attack[C]// IEEE 5th Control and System Graduate Research Colloquium. 2014: 47-52.
|
[25] |
DABAS A , SHARMA A K . Understanding advanced blind SQLI attack[J]. International Journal of Engineering Research and General Science, 2015,3(3): 1548-1552.
|
[26] |
HALFOND W , VIEGAS J , ORSO A . A Classification of SQLinjection attacks and countermeasures[C]// International Symposium on Secure Software Engineering (ISSSE). 2006: 12-23.
|
[27] |
ANTUNES N , VIEIRA M . Defending against Web application vulnerabilities[J]. IEEE Computer, 2012,45(2): 66-72.
|