Author pages are created from data sourced from our academic publisher partnerships and public sources.
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
A new technique is presented that uses a model-based approach to detect illegal queries before they are executed on the database; it was able to stop all of the attempted attacks without generating any false positives.
A Classification of SQL-Injection Attacks and Countermeasures
An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of that type could be performed and existing detection and prevention techniques against SQL injections.
Automated Test Input Generation for Android: Are We There Yet? (E)
- S. R. Choudhary, Alessandra Gorla, A. Orso
- Computer Science, 30th IEEE/ACM International Conference on…
- 24 March 2015
A thorough comparison of the main existing test input generation tools for Android is performed, evaluating the effectiveness of these tools, and their corresponding techniques, according to four metrics: ease of use, ability to work on multiple platforms, code coverage, and ability to detect faults.
Dytan: a generic dynamic taint analysis framework
A general framework for dynamic tainting is defined and developed that is highly flexible and customizable, allows for performing both data-flow and control-flow based taints conservatively, and does not rely on any customized run-time system.
Are automated debugging techniques actually helping programmers?
The overall goal of this research is to investigate how developers use and benefit from automated debugging tools through a set of human studies by providing initial evidence that several assumptions made by automated debugging techniques do not hold in practice.
Regression test selection for Java software
A safe regression-test-selection technique that, based on the use of a suitable representation, handles the features of the Java language and also handles incomplete programs.
Architectures for an Event Notification Service Scalable to Wide-area Networks
abstract user-defined types: in this case, the event service would provide the features of a typed programming language that allows the definition of abstract data types (e.g., an object-oriented…
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
- William G. J. Halfond, A. Orso, P. Manolios
- Computer Science, IEEE Transactions on Software Engineering
A new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques is presented and implemented in the Web application SQL-injection preventer tool.
Leveraging field data for impact analysis and regression testing
This paper investigates the use of the Gamma approach to support and improve two fundamental tasks performed by software engineers during maintenance, impact analysis and regression testing, and presents a new approach that leverages field data to perform these two tasks.
Efficient and precise dynamic impact analysis using execute-after sequences
- Taweesup Apiwattanapong, A. Orso, M. J. Harrold
- Computer Science, Proceedings. 27th International Conference on…
- 15 May 2005
A new technique for dynamic impact analysis is presented that is almost as efficient as the most efficient existing technique and is as precise as the most precise existing technique.