AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
TLDR
A new technique that uses a model-based approach to detect illegal queries before they are executed on the database; it was able to stop all of the attempted attacks without generating any false positives.
A Classification of SQL-Injection Attacks and Countermeasures
TLDR
An extensive review of the different types of SQL injection attacks known to date is presented, including descriptions and examples of how attacks of that type could be performed and existing detection and prevention techniques against SQL injections.
Automated Test Input Generation for Android: Are We There Yet? (E)
TLDR
A thorough comparison of the main existing test input generation tools for Android is performed, evaluating the effectiveness of these tools, and their corresponding techniques, according to four metrics: ease of use, ability to work on multiple platforms, code coverage, and ability to detect faults.
Dytan: a generic dynamic taint analysis framework
TLDR
A general framework for dynamic tainting is defined and developed that is highly flexible and customizable, allows for performing both data-flow and control-flow based taints conservatively, and does not rely on any customized run-time system.
Are automated debugging techniques actually helping programmers?
TLDR
The overall goal of this research is to investigate how developers use and benefit from automated debugging tools through a set of human studies by providing initial evidence that several assumptions made by automated debugging techniques do not hold in practice.
Regression test selection for Java software
TLDR
A safe regression-test-selection technique that, based on the use of a suitable representation, handles the features of the Java language and also handles incomplete programs.
Architectures for an Event Notification Service Scalable to Wide-area Networks
abstract user-defined types: in this case, the event service would provide the features of a typed programming language that allows the definition of abstract data types (e.g., an object-oriented
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
TLDR
A new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques is presented and implemented in the Web application SQL-injection preventer tool.
Leveraging field data for impact analysis and regression testing
TLDR
This paper investigates the use of the Gamma approach to support and improve two fundamental tasks performed by software engineers during maintenance, impact analysis and regression testing, and presents a new approach that leverages field data to perform these two tasks.
Efficient and precise dynamic impact analysis using execute-after sequences
TLDR
A new technique for dynamic impact analysis is presented that is almost as efficient as the most efficient existing technique and is as precise as the most precise existing technique.