Automated Protection of PHP Applications Against SQL-injection Attacks

Authors: Ettore Merlo, Dominic Letarte, Giuliano Antoniol
Venue: 11th European Conference on Software Maintenance and Reengineering (CSMR'07)

Web sites may be static sites, programs, or databases, and very often a combination of the three integrating relational databases as a back-end. Web sites require care in configuration and programming to assure security, confidentiality, and trustworthiness of the published information. SQL-injection attacks exploit weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a…
This paper has 18 citations.