[1] Zapponi C. Programming languages and GitHub[J/OL]. [2017-11-10]. http://githut.info/
[2] Nguyen-Tuong A, Guarnieri S, Greene D, et al. Automatically Hardening Web Applications Using Precise Tainting[J]. Ifip Advances in Information & Communication Technology, 2005, 181:372--382.
[3] 霍志鹏. 基于静态分析的PHP代码缺陷检测[D]. 北京:北京邮电大学, 2015
[4] 王蕾, 李丰, 李炼,等. 污点分析技术的原理和实践应用[J]. 软件学报, 2017, 28(4):860-882
[5] 王耀辉, 王丹, 付利华. 面向PHP程序的SQL漏洞检测系统[J]. 计算机工程, 2016, 42(4):112-118
[6] Yan L, Li X, Feng R, et al. Detection method of the second-order SQL injection in web applications [C] //International Workshop on Structured Object-Oriented Formal Language and Method. Springer, Cham, 2013: 154-165.
[7] 田玉杰,赵泽茂,张海川,李学双.二阶SQL注入攻击防御模型[J].信息网络安全,2014(11):70-73
[8] Backes M, Rieck K, Skoruppa M, et al. Efficient and flexible discovery of PHP application vulnerabilities [C] //Proc of IEEE European Symp on Security and Privacy.Piscataway,NJ: IEEE, 2017:334-349
[9] Papagiannis I, Migliavacca M, Pietzuch P. PHP aspis: Using partial taint tracking to protect against injection attacks [C] //Proc of USENIX Conf on Web Application Development. Berkeley:USENIX Association, 2011:2-2
[10] Cao D, Bai D. Design and implementation for SQL parser based on ANTLR [C] //Proc of Int Conf on Computer Engineering and Technology. Piscataway,NJ: IEEE, 2010:V4-276-V4-279
[11] 夏玉辉, 张威, 万琳,等. 一种基于控制流图的静态测试方法[C]// 全国软件测试会议与移动计算、栅格、智能化高级论坛会议录.武汉: 中国计算机学会容错计算专业委员会, 2009
[12 聂世超. PHP程序静态分析系统的设计与实现[D]. 长春:吉林大学, 2011
[13 The PHP Group.References explained[EB/OL]. [2017-11-10]. http://php.net/manual/zh/language.references.php
[14 Xie Y, Aiken A. Static detection of security vulnerabilities in scripting languages [C] //Proc of USENIX Security Symp. Berkeley:USENIX Association, 2006:179-192
[15] Ouni A, Kessentini M, Inoue K, et al. Search-based Web Service Antipatterns Detection[J]. IEEE Transactions on Services Computing, 2015, PP(99):1-1
|