1.
Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-012]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application developers. [...]
Published in San-Tsai Sun and Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks. In International Journal of Secure Software Engineering, pages 20-40, 1(1), January 2010.
2.
SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-REPORT-2009-032]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks," Tech. Rep. LERSSE-TR-2009-32, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, March 2009.
3.
Creation and Evaluation of SQL Injection Security Tools
/ Fabrizio Monticelli
[LERSSE-THESIS-2008-005]
This work summarizes our research on the topic of the creation and evaluation of security tools against SQL injection attacks (SQLIAs) [...]
Published in Fabrizio Monticelli, "Creation and Evaluation of SQL Injection Security Tools," Master thesis, Milano (MI), Italia, Department of Computer Engineering, Politecnico di Milano Technical University, Oct, 2008, pp.184.
4.
Why (Managing) IT Security is Hard and Some Ideas for Making It Easier
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-072]
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. [...]
Published in Konstantin Beznosov, “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” talk given at the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, 2 June 2008.
5.
SQLPrevent: Effective Dynamic Detection and Prevention of SQL Injection Attacks Without Access to the Application Source Code
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-REPORT-2008-025]
This paper presents an effective approach for detecting and preventing known as well as novel SQL injection attacks. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective dynamic detection and prevention of SQL injection attacks without access to the application source code," Tech. Rep. LERSSE-TR-2008-01, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, February 2008.