AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
TLDR
The use of web applications has become increasingly popular in our routine activities, such as reading the news, paying bills, and shopping on-line.
  • 600
  • 61
  • PDF
A Classification of SQL-Injection Attacks and Countermeasures
TLDR
SQL injection attacks pose a serious security threat to Web applications: they allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these databases contain.
  • 598
  • 60
  • PDF
Automated Test Input Generation for Android: Are We There Yet? (E)
TLDR
We evaluate the state of the art in input generation for Android apps and identify future research directions that, if suitably investigated, could lead to more effective and efficient testing tools for Android.
  • 330
  • 52
  • PDF
Dytan: a generic dynamic taint analysis framework
Dynamic taint analysis is gaining momentum. Techniques based on dynamic tainting have been successfully used in the context of application security, and now their use is also being explored in ...
  • 465
  • 48
  • PDF
Are automated debugging techniques actually helping programmers?
TLDR
We perform a preliminary study on developers by providing them with an automated debugging tool and two tasks to be performed with and without the tool.
  • 401
  • 47
  • PDF
Regression test selection for Java software
TLDR
Safe regression-test-selection technique that, based on the use of a suitable representation, handles the features of the Java language.
  • 333
  • 37
  • PDF
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
TLDR
This paper presents a new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques.
  • 202
  • 31
  • PDF
Architectures for an Event Notification Service Scalable to Wide-area Networks
TLDR
From the viewpoint of the designer of the event service, the first solution is definitely the easiest one to implement.
  • 211
  • 29
  • PDF
Scaling regression testing to large software systems
TLDR
This paper presents a new regression-test-selection technique for Java programs that is safe, precise, and yet scales to large systems.
  • 236
  • 21
  • PDF
Leveraging field data for impact analysis and regression testing
TLDR
We investigate the use of the Gamma approach to support and improve two fundamental tasks performed by software engineers during maintenance: impact analysis and regression testing.
  • 253
  • 20
  • PDF