Proceedings of the 7th International Conference on Inventive Computation Technologies (ICICT 2024)
Xplore Part Number : CFP24F70-ART ; ISBN : 979-8-3503-5929-9
Detection of SQL Injection Attacks
1st Mr.M.THILAKRAJ
Department of Information Technology
K. S. Rangasamy College of Technology
2024 International Conference on Inventive Computation Technologies (ICICT) | 979-8-3503-5929-9/24/$31.00 ©2024 IEEE | DOI: 10.1109/ICICT60155.2024.10544579
Tiruchengode, Tamilnadu
[email protected]
3rd Mr.M.M.CIBI
Department of Information Technology
K. S. Rangasamy College of Technology
Tiruchengode, Tamilnadu
[email protected]
Abstract—The increased utilization of online apps and services has
raised serious concerns about the possibility of cyberattacks. SQL
injection is a common attack type that takes advantage of holes in
online applications to access databases without authorization.
Maintaining the integrity and security of online systems depends
on identifying and thwarting SQL injection attacks. In this study,
we use the Sequential Minimal Optimization (SMO) algorithm to
present a unique method for identifying SQL injection attacks in
network traffic data. This study proposes a unique strategy that
leverages machine learning to solve the critical requirement for
efficient and effective detection procedures. This study specifically
focuses on using the (SMO) technique to identify and mitigate SQL
injection threats using network traffic data. The sequence of
contacts between hosts, or network flow data, provides a wealth of
information for identifying unusual patterns suggestive of attack
activity.
Keywords—Network; SQL injection Attack; Sequential minimal
optimization algorithm; Defense Mechanism; Data integrity; cyber
threats; Anomaly detection; Network flow data.
I. INTRODUCTION
The increased proliferation of online apps and services has
raised serious concerns about the possibility of cyberattacks.
SQL injection is a common attack type that takes advantage of
holes in online applications to access databases without
authorization. Maintaining the integrity and security of online
systems depends on identifying and thwarting SQL injection
attacks. In this study, we use the Sequential Minimal
Optimization (SMO) algorithm to present a unique method for
identifying SQL injection attacks in network traffic data. This
study proposes a unique strategy that leverages machine
learning to solve the critical requirement for efficient and
effective detection procedures. This study specifically focuses
on using the (SMO) technique to identify and mitigate SQL
injection threats using network traffic data. The sequence of
contacts between hosts, or network flow data, provides a wealth
of information for identifying unusual patterns suggestive of
attack activity. Consider a seemingly innocent login form
where a user enters their credentials. An attacker, however,
could input malicious SQL code into the username or password
field, exploiting vulnerabilities to gain unauthorized access to
the database. This breach could lead to severe consequences,
including data breaches or system compromise, underscoring
979-8-3503-5929-9/24/$31.00 ©2024 IEEE
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:07:49 UTC from IEEE Xplore. Restrictions apply.
2nd Ms.S.ANUPRIYA
Department of Information Technology
K. S. Rangasamy College of Technology
Tiruchengode, Tamilnadu
[email protected]
4th Ms.A.DIVYA
Department of Information Technology
K. S. Rangasamy College of Technology
Tiruchengode, Tamilnadu
[email protected]
the critical importance of robust coding practices and security
measures against SQL Injection Attacks.
A. Sql injection
A dangerous cybersecurity risk called SQL Injection takes
advantage of holes in a website or application's database layer.
In this kind of attack, hackers insert malicious SQL code to
change user inputs, including search bars or login forms. An
attacker may be able to access the underlying database without
authorization if the system does not sufficiently verify and
sanitize these inputs. Once entered, they could alter the system
as a whole, steal confidential data, or jeopardize data integrity.
SQL Injection emphasizes how important it is to have strict
security procedures and careful coding techniques in place to
prevent breaches and defend against this common type of
cyberattack.
B. Database
Database vulnerabilities are weak spots in the information
storage and information management digital fortresses. These
weaknesses are like open doors in the field of cybersecurity, just
ready to be kicked in by malevolent actors. These kinds of
vulnerabilities can be caused by a number of things, such as
obsolete software, weak access restrictions, or insufficient
encryption. In essence, a database vulnerability offers an
avenue of entry for unauthorized parties to get, change, or
remove confidential information. In order to protect digital
assets, guarantee data integrity, and strengthen the overall
security posture of systems and applications, it is critical to
identify and resolve these vulnerabilities. Retaining the
resilience of database settings and staying one step ahead of any
threats need a proactive strategy that includes frequent security
reviews and updates.
C. Sql commands
SQL instructions are the fundamental language used in
relational database operations, providing users with the ability
to obtain, manipulate, and manage data. A strong and
standardized set of instructions known as Structured Query
Language, or SQL, allows for easy interaction with database
systems. These commands cover a wide variety of tasks, from
basic information retrieval queries to more intricate procedures
like data change and schema development. The flexibility of
1515
 Proceedings of the 7th International Conference on Inventive Computation Technologies (ICICT 2024)
Xplore Part Number : CFP24F70-ART ; ISBN : 979-8-3503-5929-9
SQL allows analysts, administrators, and developers to work
with databases more effectively.
II. LITERATURE REVIEW
A. Overview of sql injection
In this work, Timothy J. has suggested. The swift
development of online applications across several areas is
mirrored in the rise of SQL injection as a cybersecurity issue.
The risks linked to insufficient input validation have become
more noticeable as systems become more interconnected. There
percussions of SQL injection attacks go beyond the
compromising of individual user accounts as our dependence
on web services grows. The core pillars of data confidentiality
and integrity in organizational databases might be compromised
by these assaults. The fundamental aspect of SQL injection is
the misuse of user input trust. Malevolent attackers use online
applications' failure to thoroughly verify or sanitize user
submitted data to modify the underlying SQL queries.
B. The evolution of sql injection techniques through history
In this work, Oliver Y has proposed Of course! SQL
injection techniques developed to get around new security
protections as they became more advanced. Attackers now have
more ways to insert malicious code into database operations
thanks to stored procedures. The study emphasizes a thorough
evaluation methodology, discussing performance metrics like
precision, recall, and F1-score. It scrutinizes experimental
design elements, such as dataset diversity and cross-validation
techniques, to establish credibility and generalizability.
Through this detailed discussion, the study aims to validate the
proposed SQL injection detection approach with a rigorous and
well-structured assessment.
C. Sql injection's effect on data security
In this research, Parul Sharma et al. have proposed. The
consequences of successful SQL injection attacks on businesses
go much beyond the original security breach. Financially, a
SQL injection-related data breach can be extremely expensive,
involving costs for forensic examinations, court cases, and the
installation of additional security measures. Furthermore, the
loss of confidential information may result in identity theft,
financial fraud, and a reduction in client confidence, all of
which may have long term negative financial effects.
D. Best practices and preventive measures
In this research, Dr. Pooja Raundale has suggested In
addition to examining the effects of SQL injection, the literature
focuses a great deal of attention on proactive steps that
strengthen digital defenses. A key weapon in this fight is input
validation, which serves as the first line of defense by carefully
examining user inputs to check for harmful information.
Organizations may greatly decrease the attack surface and resist
efforts to introduce malicious SQL code by putting strong input
validation rules in place. In the continuous battle against SQL
injection, the usage of prepared statements and parameterized
queries are essential strategies.
979-8-3503-5929-9/24/$31.00 ©2024 IEEE
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:07:49 UTC from IEEE Xplore. Restrictions apply.
E. Difficulties in reducing sql injection
As the research has shown, there are a number of intrinsic
problems and obstacles that make mitigating SQL injection a
persistent task, which is what Muntasir Mamun has
recommended in this work. Mitigating SQL injection presents
persistent challenges due to intrinsic issues and practical
barriers. Legacy code prevalent in many companies lacks robust
security measures, rendering older systems and apps more
vulnerable. Addressing these legacy systems demands
significant resources and expertise, hindering businesses'
efforts to enhance security. Moreover, a lack of understanding
among developers and IT specialists poses another obstacle.
Despite available preventive measures, critical security
practices may be neglected due to insufficient awareness of
evolving attack methods. To counter these risks, various
preventive measures can be adopted. Employing input
validation techniques like parameterized queries and stored
procedures significantly reduces vulnerabilities. Additionally,
regular updating and patching of database systems and utilizing
web application firewalls are crucial. Educating developers on
secure coding practices and implementing strict access controls
further strengthens defenses against SQL injection attacks.
F. Role of machine learning in sql injection detection
In this study, Aleksei Shcherbak has put out Researchers are
exploring the possibility of machine learning (ML) methods for
early detection of SQL injection attempts in response to the
increasing complexity of cyber-attacks. In this instance,
machine learning is being applied by analyzing query behavior
and user input patterns to distinguish between fraudulent and
legitimate activity. Machine learning (ML) has the potential to
be a proactive defense against the ever evolving techniques of
SQL injection, since it can leverage enormous datasets and train
algorithms to identify odd patterns.
G. Regulatory frameworks and compliance
In this research, Rachneet Kaur et al. have proposed
Regulatory organizations are taking proactive steps to create
frameworks and compliance requirements in response to the
serious consequences of data breaches caused by SQL injection
and other cyber threats. The Health Insurance Portability and
Accountability Act (HIPAA) and the General Data Protection
Regulation (GDPR) are two well-known examples that are
essential in motivating corporations to prioritize and have
strong defenses in place. The effects of GDPR, a
comprehensive law intended to safeguard the personal
information of people of the European Union (EU), have been
widely studied in the literature.
H. Social engineering aspects of sql injection
In this work, S. Saravanan et al. have proposed. The
literature looks at how social engineering plays a part in these
exploits to highlight how complex SQL injection assaults are.
Psychological manipulation is a common tool used by attackers
to trick administrators or users, taking advantage of human
psychology as a weak spot. Comprehending these techniques is
essential for formulating allen compassing security plans that
1516
 Proceedings of the 7th International Conference on Inventive Computation Technologies (ICICT 2024)
Xplore Part Number : CFP24F70-ART ; ISBN : 979-8-3503-5929-9
tackle cyber security's human element in addition to its
technological weaknesses.
I. Global patterns and trends in sql injection attacks
In this research, Lerina Aversano et al. have suggested The
literature provides a macroscopic perspective that reveals the
changing landscape of cyber risks by painstakingly analyzing
worldwide patterns and trends in SQL injection attacks. One
important factor that sticks out is geographic dispersion, which
shows how often SQL injection attacks vary by location. When
examining the differences in attack rates, researchers frequently
attribute them to infrastructure weaknesses, inequalities in
cyber security knowledge, and the general digital maturity of
various nations.
J. Educational initiatives and awareness programs
In this research, SURA MAHMOOD ABDULLAH et al.
have proposed Certain literature highlights educational
activities and awareness campaigns as effective strategies in
minimizing SQL injection attacks, acknowledging the crucial
role that education plays in strengthening digital defenses.
Developers are frequently the intended audience for these
programs since they are at the forefront of developing and
maintaining software.
III. EXISTING SYSTEM
Attackers can have free access to the databases that support
applications and the potentially sensitive information the
databases hold; SQL injection attacks result in a severe security
risk to Web applications. While several techniques to solving
the SQL injection problem have been offered by researchers
and practitioners, the existing options either do not fully solve
the problem or have drawbacks that hinder their acceptance and
usage.
IV. PROPOSED SYSTEM
The proposed method as shown in figure 1 offers a state-of-
the-art defense against the increasingly dangerous threat of
SQL injection attacks in the dynamic world of web
applications. Our approach, which makes use of the Sequential
Minimal Optimization (SMO) technique, is centered on
identifying and reducing SQL injection risks in network traffic
data. Understanding how important it is to have reliable and
efficient detection methods, our approach makes use of
machine learning's built-in strengths. The proposed method
leverages a wealth of data to spot unusual patterns suggestive
of SQL injection attacks by focusing on network flow data,
which captures the series of exchanges between hosts. One key
characteristic of the SMO algorithm is its ability to handle large,
complicated datasets with ease. This allows for increased
detection speed and accuracy while reducing false positives.
The Sequential Minimal Optimization (SMO) algorithm is
pivotal in identifying SQL injection attacks within network
traffic data. As a machine learning technique, SMO discerns
patterns indicative of potential attacks, enhancing detection
accuracy. Its ability to handle large datasets with ease ensures
efficient analysis of network flow data. By clarifying SMO's
979-8-3503-5929-9/24/$31.00 ©2024 IEEE
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:07:49 UTC from IEEE Xplore. Restrictions apply.
role, the study aims to improve SQL injection detection
methodologies. SMO's nuanced approach contributes
significantly to the overall robustness of cyber security
measures against evolving threats.
V. MODULES
A. Data collection
The query tree log collector, the regular query generator,
and the malicious query generator module make up the data
collecting phase. The query trees produced by the PostgreSQL
database system are gathered by the query tree log collector
module. A collection of standard SQL queries is created using
the usual query generator module and used to train the SVM
classification algorithm. In order to assess how well the
suggested framework detects SQLIAs, a collection of malicious
SQL queries is generated using the malicious query generator
module. Following their collection, the proposed method
applies the unique technique outlined in the study to transform
the query trees into an n-dimensional feature vector. Both
syntactic and semantic characteristics are retrieved, and many
statistical models are used to convert the features into numerical
values. Efficient data collection is vital for the proposed
methodology's success. The study emphasizes a systematic
approach to gathering network traffic data, focusing on real-
world scenarios. It discusses selecting appropriate datasets and
considering diverse network environments to ensure data
representativeness. By addressing challenges and
considerations in data collection, the study enhances the
robustness and applicability of the SQL injection detection
approach.
Figure 1 Proposed System Architecture
An attacker can impede an application's database
requests by using the SQL injection vulnerability depicted
in figure 1 above, which is a net security vulnerability. In
most cases, it gives an attacker access to data that they
wouldn't usually be able to obtain.
B. Data preprocessing
The three parts of the proposed framework's data
preprocessing module are the vector generator, feature
extractor, and feature transformer. Syntactic and semantic
characteristics are extracted from the query tree log that the
query tree log collector module has gathered by the feature
1517
 Proceedings of the 7th International Conference on Inventive Computation Technologies (ICICT 2024)
Xplore Part Number : CFP24F70-ART ; ISBN : 979-8-3503-5929-9
extractor component. Data types, table connections, and query
structure are among the aspects that have been retrieved. The
feature extractor component makes sure that the pertinent data
is collected and utilized in the next stages in order to identify
SQL queries as malicious or legitimate. The extracted
characteristics are converted into numerical values that the
SVM classification algorithm may utilize by using the feature
transformer component. The feature transformer converts the
extracted features into numerical values that may be used for
classification since Support Vector Machines (SVMs) require
numerical inputs. This study delves into the rationale behind
choosing SVM for SQL injection detection and elucidates how
its unique characteristics align with the objectives of the
research. By offering a clear justification for the selection of
SVM over alternative machine learning algorithms, the study
aims to enhance the understanding of the decision-making
process, ensuring transparency and confidence in the chosen
approach.
MALICIOUS QUERY
GENERATOR
DATA COLLECTION
QUERY TREE
FEATURE EXTRACTOR
DATA
PREPROCESSING
FEATURE VECTOR
MODEL GENERATOR
TRAINING
DATA
MODEL EVALUATION
DETECT SQL INJECTION
ATTACK
ATTACK
DETECTION
SQL INJECTION
ATTACK DETECT
Figure 2. block diagram
The block diagram used to identify SQL injection attacks
is shown in figure 2. When the query generator generates a
query, the data is gathered and educated using machine learning
methods. If a malicious question is discovered, the trained
model recognizes the attack.
C. Training data
The feature vectors produced in the data preprocessing
module are used by the model generator component to train
the SVM classification algorithm. To be more precise, the
979-8-3503-5929-9/24/$31.00 ©2024 IEEE
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:07:49 UTC from IEEE Xplore. Restrictions apply.
model generator trains the SVM algorithm to recognize
normal queries using the feature vectors from the normal
query generator module. Next, the trained SVM model is
applied to categorize incoming SQL queries as malicious or
legitimate. The trained SVM model's performance is assessed
using the model evaluator component. To be more precise, the
model evaluator assesses how well the SVM model detects
SQLIAs using feature vectors produced by the malicious
query generator module.Because they might not have as strong
of security safeguards as modern frameworks, older systems
and apps are more vulnerable to SQL injection attacks.
Ensuring the reliability of the proposed methodology involves
careful consideration of multiple factors. Rigorous testing and
validation procedures, including cross-validation techniques,
are employed to assess the model's performance under various
conditions. Additionally, the study explores the impact of
different parameters on the reliability of results, offering
insights into potential challenges and strategies for addressing
them. By emphasizing transparency and reproducibility in the
experimental design, the study aims to establish the reliability
of its proposed approach to SQL injection detection.
D. Attack detecting
The part in charge of categorizing incoming SQL queries
as malicious or legitimate is the SQLIA classifier. The feature
vectors produced by the vector generator component in the
created during the training phase are used by the classifier. To
create a feature vector, the feature extractor, feature
transformer, and vector generator components first convert is
then fed this feature vector to determine if the query is
malicious or not. The suggested framework's detection phase
seems simple enough, with the SQLIA classifier serving as the
primary element in charge of categorizing incoming SQL
queries. The classifier is made to be as effective as possible at
identifying SQLIAs and reducing false positives by utilizing
the trained SVM model in conjunction with the feature vectors
created during the data pre-processing stage.
VI. RESULTS AND DISCUSSION
Promising outcomes were obtained from the experimental
assessment of the suggested SQL injection attack detection
framework using real world network traffic data and the
Sequential Minimal Optimization (SMO) method. The
efficacy of the system in precisely detecting and averting
SQL injection attacks was highlighted by its high recall rate
and precision. The SMO algorithm's capacity to manage
intricate and multidimensional information resulted in
improved detection accuracy and a reduction in false
positives.
The study shows a significant increase in accuracy when
comparing the two systems: the proposed method performs
better with an accuracy level of 81%, while the old system only
achieves a rate of 75% as shown in Table I and figure 3. This
distinction highlights how well the suggested algorithm
addresses the issues or difficulties found in the system. The
increase in accuracy shows that the suggested system may be
able to offer a more dependable and efficient solution than the
current system, probably by utilizing innovations like new
features, algorithms, or techniques. This encouraging result
represents significant progress in the field under investigation
1518
 Proceedings of the 7th International Conference on Inventive Computation Technologies (ICICT 2024)
Xplore Part Number : CFP24F70-ART ; ISBN : 979-8-3503-5929-9
and illustrates the possibility of improving system robustness
and performance by implementing the suggested algorithmic
improvements.
TABLE I. PERFORMANCE COMPARISON
algorithm accuracy
Existing system 75
Proposed system 81
82
80
Existing
78 system
76
Proposed
74 system
72 accuracy
Figure 3. Performance Comparison graph
VII. CONCLUSION
To conclude, the proposed system for detecting SQL
injection attacks (SQLIAs) is a major advancement in
protecting database-driven websites from hostile invasions.
SVM classification, multi-dimensional sequences, and a
sophisticated feature extraction method are all smoothly
integrated by the system, which shows remarkable accuracy
in detecting SQL injection assaults at the database level.
Extensive testing on PostgreSQL's internal query trees
validates the methodology's resilience and results in a
detection rate of at least 99.6% with few false positives. The
suggested methodology provides a workable and efficient fix
for real-world implementation in addition to addressing
the drawbacks of current application-level detection
techniques. Because of its effectiveness in strengthening
database systems' security posture, it is positioned to be a
useful weapon in the continuous fight against changing cyber
threats that target critical data repositories. Performance
improvement in SQL injection detection is addressed through
strategic choices in algorithm selection and parameter tuning.
The study investigates the optimization of the SMO algorithm
to enhance its efficiency in identifying attack patterns within
network traffic data. Moreover, the impact of data pre-
processing techniques on performance is explored. By
providing a detailed analysis of the steps taken to boost the
overall performance of the proposed methodology, the study
aims to contribute valuable insights for optimizing
cybersecurity practices.
979-8-3503-5929-9/24/$31.00 ©2024 IEEE
Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:07:49 UTC from IEEE Xplore. Restrictions apply.
VIII. FUTURE WORK
Future research may investigate how to make the SQL
injection attack (SQLIA) detection framework more versatile
to accommodate a wider variety of database management
systems and platforms. Feature extraction enhances the
detection model's discriminative capabilities. The process for
identifying SQL injection threats in network traffic data,
emphasizing the significance of various features and their
relevance to attack patterns. Discussions cover feature
selection criteria, dimensionality reduction techniques, and
the rationale behind chosen features, bolstering the proposed
approach's efficacy. Improving the feature extraction
procedure to take into account changing syntactic and
semantic properties of SQL queries will strengthen the
system's defences against new attack methods.
REFERENCES
[1] "Introduction to SQL Injection," by R. Spreitzer, v. Moonsamy, t. Korak,
and s. Mangard, IEEE Computer Society Survey Tutorials, vol. 20, no. 1,
pp. 465–488, 1stn quarter, 2017.
[2] Historical Development of SQL Injection Techniques by M. Guerar, M.
Migliardi, F. Palmieri, L. Verderame, and A. Merlo, concurrent
computing, pract. Exper., vol. 32, no. 18, p. E5549, Sep. 2020.
[3] "Impact of SQL Injection on Data Security," by Maiti, o. Armbruster, m.
Jadliwala, and j. He, in proceedings of the 11th Asian Conference on
Computer-Mediated Communication Security, 2016, pp. 795/806.
[4] "Preventive Measures and Best Practices," R. Zhao, C. Yue, and Q. Han,
IEEE Trans. Inf. Forensics Security, vol. 14, no. 1, pp. 75–89, Jan. 2019.
[5] Challenges in Mitigating SQL Injectionsensors, vol. 22, no. 13, p. 4857,
June 2022, M. Nerini, E. Favarelli, and M. Chiani. 6. "Role of Machine
Learning in SQL Injection Detection:," T. Van Nguyen, N. Sae-bae, and
N. Memon, Compute Security, vol. 66, pp. 115– 128, May 2017.
[6] Regulatory Frameworks and Compliance," J. Kim and P. Kang, Appl.
Sci., vol. 12, no. 15, p. 7590, July 2022.
[7] "Social Engineering Aspects of SQL Injection," by E. Ivannikova, G.
David, and T. Hamalainen, in Proceedings of the IEEE Symposium on
Computer-Media Communication (iscc), July 2017, pp. 885–889.
[8] "Role of Machine Learning in SQL Injection Detection:," T. Van Nguyen,
N. Sae-bae, and N. Memon, Compute Security, vol. 66, pp. 115– 128,
May 2017.
[9] "Global Patterns and Trends in SQL Injection Attacks," B. Ayotte, M.
Banavar, D. Hou, and S. Schuckers, IEEE Transactions on Biometrics,
Behavior, and Identity Science, vol. 2, no. 4, pp. 377–387, June 2020.
[10] "Educational Initiatives and Awareness Programs," sensors, vol. 20, no.
11, p. 3015, may 2020; S. Panda, y. Liu, g. P. Hancke, and u. M. Qureshi.
[11] C. Gould, Z. Su, and P. Devanbu. JDBC Checker: A Static Analysis Tool
for SQL/JDBC Applications. In Proceedings of the 26 th International
Conference on Software Engineering (ICSE 04) –Formal Demos, pages
697–698, 2021
[12] C. Gould, Z. Su, and P. Devanbu. Static Checking of Dynamically
Generated Queries in Database Applications. In Proceedings of the 26th
International Conference on Software Engineering (ICSE 04), pages 645–
654, 2021.
[13] N. W. Group. RFC 2616 – Hypertext Transfer Protocol – HTTP/1.1.
Request for comments, The Internet Society, 2021.
[14] V. Haldar, D. Chandra, and M. Franz. Dynamic Taint Propagation for
Java. In Proceedings 21st Annual Computer Security Applications
Conference, Dec. 2021
[15] W. G. Halfond and A. Orso. AMNESIA: Analysis and Monitoring for
NEutralizing SQL-Injection Attacks. In Proceedings of the IEEE and
ACM International Conference on Automated Software Engineering
(ASE 2005), Long Beach, CA, USA, Nov 2021. To appear.
[16] W. G. Halfond and A. Orso. Combining Static Analysis and Runtime
Monitoring to Counter SQL-Injection Attacks. In Proceedings of the
1519
 Proceedings of the 7th International Conference on Inventive Computation Technologies (ICICT 2024)
Xplore Part Number : CFP24F70-ART ; ISBN : 979-8-3503-5929-9

Third International ICSE Workshop on Dynamic Analysis (WODA
2021), pages 22–28, St. Louis, MO, USA, May 2005.
[17] M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press,
Redmond, Washington, second edition, 2021.
[18] Y. Huang, S. Huang, T. Lin, and C. Tsai. Web Application Security
Assessment by Fault Injection and Behavior Monitoring. In Proceedings
of the 11th International World Wide Web Conference (WWW 03), May
2021.
[19] Y. Huang, F. Yu, C. Hang, C. H. Tsai, D. T. Lee, and S. Y. Kuo. Securing
Web Application Code by Static Analysis and Runtime Protection. In
Proceedings of the 12th International World Wide Web Conference
(WWW 04), May 2020

979-8-3503-5929-9/24/$31.00 ©2024 IEEE 1520

Authorized licensed use limited to: Don Bosco Institute of Technology-Bengaluru. Downloaded on March 17,2025 at 07:07:49 UTC from IEEE Xplore. Restrictions apply.