Zhang Bingqi Sun Wei. A PHP Source-code SQL Injection Attack Detection Algorithm Based on Taint Tracking[J]. Journal of Information Security Research, 2015, 1(2): 140-148.
[1]Jovanovic N, Kruegel C, Kirda E. Static analysis for detecting taintstyle vulnerabilities in web applications[J]. Journal of Computer Security, 2010, 18(5): 861907
[2]Livshits V B, Lam M S. Finding security errors in Java programs with static analysis[C] Proc of the 14th USENIX Security Symp. Berkeley: USENIX Association, 2005: 1818
[3]William G, Halfond J. Alessandro Orso. AMNESIA: Analysis and monitoring for neutralizing SQLinjection attacks[C] Proc of the 20th IEEEACM Int Conf on Automated Software Engineering. New York: ACM, 2005: 174183
[4]Huang Y, Yu F, Hang C, et al. Securing Web application code by static analysis and runtime protection[C] Proc of the 13th Int Conf on World Wide Web (WWW04). New York: ACM, 2004: 4052
[5]Valeur F, Mutz D, Vigna G. A learningbased approach to the detection of SQL attacks[C] Proc of the Conf on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). Berlin: Springer, 2005: 123140
[6]Steensgaard B. Pointsto analysis in almost linear time[C] Proc of the 23rd ACM SIGPLANSIGACT Symp on Principles of Programming Languages (POPL96). New York: ACM, 1996: 3241
[7]Wilson R P, Lam M S. Efficient contextsensitive pointer analysis for C programs[D]. Stanford: Stanford University, 1998
[8]谢亿鑫, 孙乐昌, 刘京菊. 基于数据流分析的SQL注入漏洞发现技术研究[J]. 微计算机信息, 2010, 26(53): 163165