1.
|
Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
Transfer from CDS 0.99.7: PDF;
|
2.
|
Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-012]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application developers. [...]
Published in Sun-Tsai Sun and Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks. In International Journal of Secure Software Engineering, pages 20-40, 1(1), January 2010.:
Transfer from CDS 0.99.7: PDF;
|
3.
|
SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-REPORT-2009-032]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks," Tech. Rep. LERSSE-TR-2009-32, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, March 2009:
Transfer from CDS 0.99.7: PDF;
|
4.
|
Creation and Evaluation of SQL Injection Security Tools
/ Fabrizio Monticelli
[LERSSE-THESIS-2008-005]
This work summarizes our research on the topic of the creation and evaluation of security tools against SQL injection attacks (SQLIAs) [...]
Published in Fabrizio Monticelli, "Creation and Evaluation of SQL Injection Security Tools," Master thesis, Milano (MI), Italia, Department of Computer Engineering, Politecnico di Milano Technical University, Oct, 2008, pp.184. :
Transfer from CDS 0.99.7: PDF;
|