[1] 2015 data breach investigations report [R/OL]. New York: Verizon, 2015 [2015-10-19]. https://msisac.cisecurity.org/resourcesreportsdocumentsrp_databreachinvestigationreport2015_en_xg.pdf
[2] Creative Commons Attribution ShareAlike. The top-10 most critical Web application security risks 2010 [R/OL]. United States: OWASP, 2010 [2015-10-19]. http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf
[3] Creative Commons Attribution ShareAlike. The top-10 most critical Web application security risks 2013 [R/OL]. United States: OWASP, 2013 [2015-10-19]. http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
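[4] Anhua Jinhe (安华金和). Anhua Jinhe database vulnerability threat report, 2015 H1 [R/OL]. Beijing: Anhua Jinhe Database Attack and Defense Laboratory, 2015 [2015-10-19]. http://www.dbsec.cn/servicepdf2015H1DATABASEVULNERABILITIESREPORT.pdf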
[5] NTT Innovation Institute. Global threat intelligence report [R/OL]. Palo Alto, California: NTT Group, 2015 [2015-10-19]. https://nttgroupsecurity.com/articlescontentarticlesdownloadthe2014report
[6] Wikipedia contributors. SQL injection [G/OL]. Wikipedia, (2015-10-19) [2015-10-19]. https://en.wikipedia.org/wiki/SQL_injection
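[7] Ma Xiaoting, Hu Guoping, Li Zhoujun. Research on SQL injection vulnerability detection and defense techniques [J]. Computer Security (计算机安全), 2010 (11): 18-24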
[8] Doupé A, Cova M, Vigna G. Why Johnny can't pentest: An analysis of black-box Web vulnerability scanners [M] // Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin: Springer, 2010: 111-131
[9] Huang Y W, Huang S K, Lin T P, et al. Web application security assessment by fault injection and behavior monitoring [C] // Proc of the 12th Int Conf on World Wide Web. New York: ACM, 2003: 148-159
[10] Liu Lei, Xu Jing, Li Minglei, et al. A dynamic SQL injection vulnerability test case generation model based on the multiple phases detection approach [C] // Proc of the 37th IEEE Annual Computer Software and Applications Conf. Piscataway, NJ: IEEE, 2013: 256-261
[11] Gould C, Su Z, Devanbu P. JDBC checker: A static analysis tool for SQL/JDBC applications [C] // Proc of the 26th Int Conf on Software Engineering. Los Alamitos, CA: IEEE Computer Society, 2004: 697-698
[12] Livshits B V, Lam M S. Finding security errors in Java programs with static analysis [C] // Proc of the 14th USENIX Security Symp. Berkeley: USENIX Association, 2005: 271-286
[13] Whaley J, Lam M S. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams [J]. ACM SIGPLAN Notices, 2004, 39(6): 131-144
[14] Martin M, Livshits B, Lam M S. Finding application errors using PQL: A program query language [R]. Palo Alto, California: Stanford University, 2004
[15] Martin M, Livshits B, Lam M S. Finding application errors and security flaws using PQL: A program query language [J]. ACM SIGPLAN Notices, 2005, 40(10): 365-383
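[16] Ding Xiang, Qiu Yin, Zheng Tao. A method of defending against SQL injection attacks using PHP [J]. Computer Engineering (计算机工程), 2011, 37(11): 152-153
[17] Li Xiaohua, Sun Jianhua, Chen Hao. Research on the application of program analysis techniques to SQL injection defense [J]. Journal of Chinese Computer Systems (小型微型计算机系统), 2011, 32(6): 1089-1093
[18] Xie Yixin, Sun Lechang, Liu Jingju. Research on SQL injection vulnerability discovery techniques based on data flow analysis [J]. Microcomputer Information (微计算机信息), 2010 (15): 163-165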
[19] Mono. Cecil [CP/OL]. 2015 [2015-09-10]. http://www.mono-project.com/docs/tools+libraries/libraries/Mono.Cecil
[20] Wikipedia contributors. Abstract syntax tree [G/OL]. Wikipedia, (2015-09-08) [2015-10-19]. https://en.wikipedia.org/wiki/Abstract_syntax_tree