[1]
|
S. Barnum and G. McGraw, “Knowledge for software security,” IEEE Security and Privacy Magazine, Vol. 3, No. 2, pp. 74–78, 2005.
|
[2]
|
E. Bertino, A. Kamra, and J. Early, “Pro?ling database applica-tion to detect SQL injection attacks,” in Proceedings of the IEEE International Performance, Computing, and Communications Conference, pp. 449–458. 2007.
|
[3]
|
X. Fug, X. Lu, B. Peltsverger, S. Chen, K. Qian, and L. Tao, “A static analysis framework for detecting SQL injection vulner-abilities,” in Proceedings of the 31st Annual International Computer Software and Applications Conference, pp. 87–96, 2007.
|
[4]
|
E. Merlo, D. Letarte, and G. Antoniol, “SQL-injection security evolution analysis in PHP,” in Proceedings of the 9th IEEE International Workshop on Web Site Evolution, pp. 45–49, 2007.
|
[5]
|
S. Thomas and L. Williams, “Using automated ?x generation to secure SQL statements,” in Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems, pp. 9–19, 2007.
|
[6]
|
“XPath 1.0 speci?cation,” 1999, http://www.w3.org/TR/ xpath.
|
[7]
|
“XPath 2.0 speci?cation,” 2007, http://www.w3.org/TR/ xpath20/.
|
[8]
|
“RFC 1777: Lightweight Directory Access Protocol v2,” 1995, http://www.faqs.org/rfcs/rfc1777.html.
|
[9]
|
“RFC 2251: Lightweight Directory Access Protocol v3,” 1997, http://www.faqs.org/rfcs/rfc2251.html.
|
[10]
|
T. Holz, S. Marechal, and F. Raynal, “New threats and attacks on the world wide web,” IEEE Security and Privacy Magazine, Vol. 4, No. 2, 2006.
|
[11]
|
G. Hermosillo, R. Gomez, L. Seinturier, and L. Duchien, “AProSec: An aspect for programming secure web applica-tions,” in Proceedings of the Second International Conference on Availability, Reliability and Security, pp. 1026–1033, 2007.
|
[12]
|
N. Jovanovic, C. Kruegel, and E. Kirda, “Pixy: A static analysis tool for detecting web application vulnerabilities,” in Proceed-ings of the IEEE Symposium on Security and Privacy, pp. 6–15, 2006.
|
[13]
|
E. Jamhour, “Distributed security management using LDAP directories,” in Proceedings of the XXI Internatinal Conference of the Chilean Computer Science Society, pp. 144–153, 2001
|
[14]
|
R. Sari and S. Hidayat, “Integrating web server applications with LDAP authentication: Case study on human resources informa-tion system of ui,” in Proceedings of the International Sympo-sium on Communications and Information Technologies, pp. 307–312, 2006.
|
[15]
|
M. Wahl, T. Howes, and S. Kille, “Lightweight Directory Ac-cess Protocol (v3),” 1997,
http://www.ietf.org/rfc/rfc2251.
|
[16]
|
V. Koutsonikola and A. Vakali, “LDAP: Framework, practices, and trends,” IEEE Internet Computing, Vol. 8, No. 5, pp. 66–72, 2004.
|
[17]
|
M. Russinovich and D. Solomon, Microsoft Windows Internals, Microsoft Press, 2004.
|
[18]
|
“OpenLDAP main page,”
http://www.openldap.org.
|