Code-motion for API migration: fixing SQL injection vulnerabilities in Java

@inproceedings{Abadi2011CodemotionFA,
  title={Code-motion for API migration: fixing SQL injection vulnerabilities in Java},
  author={Aharon Abadi and Yishai A. Feldman and Mati Shomrat},
  booktitle={WRT@ICSE},
  year={2011}
}
Refactoring often requires the reordering of code fragments; such is the case when migrating from one API to another. Performing such reordering manually is complex and error-prone. A specific example in the security domain involves database query execution, in which some of the parameters come from untrusted sources. In Java, the Statement API provides opportunities for SQL injection attacks. The recommended remedy is to replace it with the secure PreparedStatement API; however, that…

Citations

Publications citing this paper.

Reconciling manual and automatic refactoring

  • 2012 34th International Conference on Software Engineering (ICSE)
  • 2012
