Synthesis of Allowlists for Runtime Protection against SQLi-Reference-Cited by-同舟云学术

Synthesis of Allowlists for Runtime Protection against SQLi

Published:2024-04-14 Issue: Volume: Page:16-20
ISSN:
Container-title:Proceedings of the 2024 ACM/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results
language:
Short-container-title:

Author:

Vorobyov Kostyantyn¹^ORCID,Gauthier Francois¹^ORCID,Krishnan Padmanabhan¹^ORCID

Affiliation:

1. Oracle Labs, Brisbane, Australia

Publisher

ACM

Link

https://dl.acm.org/doi/pdf/10.1145/3639476.3639772

Reference21 articles.

1. Oracle Database 21c. 2023. Using Oracle Virtual Private Database to Control Data Access. https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/using-oracle-vpd-to-control-data-access.html#GUID-06022729-9210-4895-BF04-6177713C65A7

2. Sruthi Bandhakavi, Prithvi Bisht, P. Madhusudan, and V. N. Venkatakrishnan. [n. d.]. CANDID: preventing sql injection attacks using dynamic candidate evaluations. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28--31, 2007, Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson (Eds.). ACM, 12--24.

3. E. Bertino A. Kamra and J. P. Early. 2007. Profiling Database Application to Detect SQL Injection Attacks. In IPCCC.

4. Gregory Buehrer, Bruce W. Weide, and Paolo A. G. Sivilotti. 2005. Using parse tree validation to prevent SQL injection attacks. In Proceedings of the 5th International Workshop on Software Engineering and Middleware, SEM 2005, Lisbon, Portugal, September 5--6, 2005, Elisabetta Di Nitto and Amy L. Murphy (Eds.). ACM, 106--113.

5. V. H. S. Campos R. E. Rodrigues I. R. de Assis Costa a nd D. do Couto Texeira and F. M. Q. Pereira. [n. d.]. A Tool for the Range Analysis of Whole Programs. http://range-analysis.googlecode.com/.