Books 2011(1 publication) [publication]José Fonseca , "Evaluating the [In]security of Web Applications: A new perspective towards a safer Internet", vol. 1, 2011 Journal Articles 2019(1 publication) [publication]Nunes, P. and Medeiros, I. and José Fonseca and Neves, N. and Correia, M. and Marco Vieira , "An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios", Computing, vol. 101, pp. 161-185, 2019 2018(1 publication) [publication]José Fonseca and Nunes, P. and Marco Vieira and Medeiros, I. and Neves, N. and Correia, M. , "Benchmarking Static Analysis Tools for Web Security", IEEE Transactions on Reliability, vol. 67, pp. 1159-1175, 2018 2014(2 publications) [publication]José Fonseca and Seixas, N. and Marco Vieira and Madeira, H. , "Analysis of Field Data on Web Security Vulnerabilities", IEEE Transactions on Dependable and Secure Computing, vol. 11, 2014 [publication]José Fonseca and Marco Vieira and Madeira, H. , "Evaluation of Web Security Mechanisms using Vulnerability & Attack Injection", IEEE Transactions on Dependable and Secure Computing, vol. 11, 2014 Conference Articles 2018(1 publication) [publication]José Fonseca and Marco Vieira and Nunes, P. and Algaith, A. and Gashi, I. , "Finding SQL Injection and Cross Site Scripting Vulnerabilities with Diverse Static Analysis Tools", in 2018 14th European Dependable Computing Conference (EDCC), 2018 2017(1 publication) [publication]José Fonseca and Nunes, P. and Marco Vieira and Medeiros, I. and Neves, N. and Correia, M. , "On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study", in 2017 13th European Dependable Computing Conference (EDCC), 2017 2015(1 publication) [publication]Nunes, P. 
and José Fonseca and Marco Vieira , "phpSAFE: A Security Analysis Tool for OOP Web Application Plugins", in Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, 2015 2014(1 publication) [publication]José Fonseca and Marco Vieira , "A Practical Experience on the Impact of Plugins in Web Security", in The 33rd IEEE Symposium on Reliable Distributed Systems - SRDS 2014, 2014 2013(1 publication) [publication]Materase, F. and Dell’Amura, D. and José Fonseca , "A Methodology to Harmonise Safety, Security and Cost-Effectiveness in ATC", in Italian Association of Aeronautics and Astronautics XXII Conference, 2013 2012(2 publications) [publication]Materase, F. and José Fonseca and Montefusco, P. , "An innovative methodology for maritime security risk management to design cost­effective defence systems", in 17th International Conference on Ships and Shipping Research and Advancing with Composites 2012 Symposium, 2012 [publication]Alfaiate, J. and José Fonseca , "Bluetooth security analysis for mobile phones", in 7th Iberian Conference on Information Systems and Technologies (CISTI 2012), 2012 2011(1 publication) [publication]Materase, F. and Montefusco, P. and José Fonseca , "Looking towards the Single European Sky: a Tailored Security Assessment for Future ATM Systems", in CEAS Air&Space; Conference (CEAS 2011) and AIDAA Congress, 2011 2010(2 publications) [publication]José Fonseca and Marco Vieira and Madeira, H. , "The Web Attacker Perspective - A Field Study", in 21st annual International Symposium on Software Reliability Engineering, 2010 [citation][year=2013]D. A. Kindy, A.-S. K. Pathan, “A Detailed Survey on Various Aspects of SQL Injection: Vulnerabilities, Innovative Attacks, and Remedies”, International Journal of Communication Networks and Information Security (IJCNIS), Vol. 5, No. 2, August 2013. 
[citation][year=2013]Thijs Houtenbos, Dennis Pellikaan, "Automated vulnerability scanning and exploitation", University of Amsterdam, Amsterdam, Netherlands, July 2013. [citation][year=2011]1. Bruno Augusti Mozzaquatro, Renato Preigschadt de Azevedo, Raul Ceretta Nunes, Alice de Jesus Kozakevicius, Cristian Cappo, Christian Schaerer, "Anomaly-based Techniques for Web Attacks Detection", Journal of Applied Computing Research, ISSN: 2236-8434, Vol 1, No 2, 2011. [citation][year=2011]2. Salvatore D'Antonio, Luigi Coppolino, Ivano Alessandro Elia, Valerio Formicola, “Security issues of a phasor data concentrator for smart grid infrastructure”, 13th European Workshop on Dependable Computin, EWDC '11, Pisa, Italy, May 11-12, 2011. [publication]Ivano Alessandro Elia and José Fonseca and Marco Vieira , "Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study", in 21st annual International Symposium on Software Reliability Engineering, 2010 [citation][year=2014]H Holm, Signature Based Intrusion Detection for Zero-Day Attacks:(Not) A Closed Chapter?, System Sciences (HICSS), 2014 47th Hawaii …, 2014 [citation][year=2014]M ChoraÅ?, R Kozik, Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection, Soft Computing in Industrial Applications, 2014 [citation][year=2014]D Appelt, N Alshahwan, L Briand, Assessing the impact of firewalls and database proxies on sql injection testing, Future Internet Testing, 2014 [citation][year=2014]D Appelt, N Alshahwan, DC Nguyen, L Briand, Black-box SQL Injection Testing, Publication/NA, 2014 [citation][year=2014]P Talekar, R Misal, T Nevase, S Bajpai, WEB APPLICATION PROTECTION AGAINST SQL INJECTION ATTACK, Publication/NA, 2014 [citation][year=2014]H Holm, A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures, Publication/NA, 2014 [citation][year=2014]J Fonseca, M Vieira, H Madeira, Evaluation of Web Security 
Mechanisms using Vulnerability & Attack Injection, Dependable and Secure …, 2014 [citation][year=2014]M Kaushik, G Ojha, Attack Penetration System for SQL Injection, International Journal of Advanced …, 2014 [citation][year=2014]D Appelt, CD Nguyen, LC Briandâ?¦, Automated testing for SQL injection vulnerabilities: An input mutation approach, Proceedings of the 2014 …, 2014 [citation][year=2014]PD Buck, Q Shi, B Zhou, Monitoring and Testing Web Services, the 15th Annual Postgraduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting, 2014 [citation][year=2013]Holm, Hannes, Mathias Ekstedt, and Teodor Sommestad. "Effort estimates on web application vulnerability discovery." System Sciences (HICSS), 2013 46th Hawaii International Conference on. IEEE, 2013. [citation][year=2013]Choras, Michal and Rafal Kozik. "Evaluation of Various Techniques for SQL Injection Attack Detection." Proceedings of the 8th International Conference on Computer Recognition Systems CORES 2013. Springer International Publishing, 2013. [citation][year=2013]J Fonseca, M Vieira, H Madeira, Evaluation of Web Security Mechanisms using Vulnerability and Attack Injection, Publication/NA, 2013 [citation][year=2013]D Appelt, N Alshahwan, L Briand, Assessing the impact of firewalls and database proxies on sql injection testing, Proceedings of the 1st …, 2013 [citation][year=2013]H Holm, M Ekstedt, Estimates on the effectiveness of web application firewalls against targeted attacks, Information Management & Computer …, 2013 [citation][year=2012]Choras, Michal, and Rafa l Kozik. "Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection.", 2012 [citation][year=2012]Natarajan, Kanchana, and Sarala Subramani. "Generation of Sql-injection Free Secure Algorithm to Detect and Prevent Sql-Injection Attacks." Procedia Technology 4 (2012): 790-796. [citation][year=2012]Abusaimeh, Hesham, and Mohammad Shkoukani. 
"Survey of Web Application and Internet Security Threats." IJCSNS 12.12 (2012): 67. [citation][year=2012]Gadhgadhi, Ridha, Kim-Khoa Nguyen, and Mohamed Cheriet. "Automated intrusion attack with permanent control: Analysis and countermeasures." Information Science, Signal Processing and their Applications (ISSPA), 2012 11th International Conference on. IEEE, 2012. [citation][year=2012]Choras, Michal, et al. "Correlation Approach for SQL Injection Attacks Detection." International Joint Conference CISIS’12-ICEUTE´ 12-SOCO´ 12 Special Sessions. Springer Berlin Heidelberg, 2012. [citation][year=2012]Manikanta, Yakkala V. Naga, and Anjali Sardana. "Protecting web applications from SQL injection attacks by using framework and database firewall." Proceedings of the International Conference on Advances in Computing, Communications and Informatics. ACM, 2012. [citation][year=2012]A Bondavalli, H Madeira, P Lollini, Future of Resilience Assessment: The AMBER Research Roadmap, Resilience Assessment and …, 2012 [citation][year=2012]G Lloyd, [CITATION][C] Database Intrusion Detection, Publication/NA, 2012 [citation][year=2012]N Antunes, M Vieira, Defending against web application vulnerabilities, Computer, 2012 [citation][year=2011]1. Jeff Stuckman, James Purtilo, "A Testbed for the Evaluation of Web Intrusion Prevention Systems", 2011 Third International Workshop on Security Measurements and Metrics, Metrisec, September 2011. 2009(2 publications) [publication]José Fonseca and Marco Vieira and Madeira, H. , "Vulnerability & Attack Injection for Web Applications", in 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2009), 2009 [citation][year=2013]Nana Yaw Asabere, Wisdom Kwawu Torgby, "Towards a Perspective of Web Application Vulnerabilities and Security Threats", International Journal of Computer Science and Telecommunications, Vol. 4, Issue 5, May 2013. [citation][year=2012]L. Shar, H. Tan, H. 
"Defeating SQL Injection", IEEE Computer, 2012. [citation][year=2012]Kaiping Liu, Hee Beng Kuan Tan, and L.K. Shar, “Semi-­Automated Verification of Defense against SQL Injection in Web Applications”, 19th Asia-Pacific Software Engineering Conference, APSEC 2012, ­Hong Kong, December 4-7, 2012. [citation][year=2012]Rim Akrout, "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web", PhD Thesis, Institut National des Sciences Appliquées de Toulouse (INSA Toulouse), Toulouse, France, October 2012. [citation][year=2012]M. Ghafari, H. Shoja, M. Y. Amirani, "Detection and Prevention of Data Manipulation from Client Side in Web Applications", IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2012, Liverpool, UK, June 25-27, 2012. [citation][year=2011]Geoffrey Vaughan, "Understanding SQL Injection Attacks Inside and Out", Faculty of Business and IT, University of Ontario Institute of Technology, Canada, 2011. [citation][year=2011]Roberto Natella, “Achieving Representative Faultloads in Software Fault Injection”, PhD Thesis, Universita' Degli Studi di Napoli Federico II, Italy, November 2011. [citation][year=2011]Jeff Stuckman, James Purtilo, "A Testbed for the Evaluation of Web Intrusion Prevention Systems", 2011 Third International Workshop on Security Measurements and Metrics, Metrisec, September 2011. [citation][year=2011]Eidah Al-Khashab, Fawaz S. Al-Anzi, Ayed A. Salman, "PSIAQOP: preventing SQL injection attacks based on query optimization process", Second Kuwait Conference on e-Services and e-Systems, KCESS'11, Kuwait, Kuwait, April 5, 2011. [citation][year=2011]A. Bondavalli, P. Lollini, A. Bovenzi, M. Colajanni, L. Coppolino, C. Esposito, M. Fixxo, C. di Martino, L. Montecchi, R. Natella, A. 
Peccia, "D3.1: Modeling and Evaluation: State-of-the-art", deliverable of the project: Dependable Off-The-Shelf based Middleware Systems for Large-scale Complex Critical Infrastructures (DOTS-LCCI Project: PRIN 2008LWRBHF), Italy, March 2011. [citation][year=2011]Francisco Vieira, “Realistic Vulnerability Injections in PHP Web Applications”, MSc Thesis, Faculty of Sciences, University of Lisbon, Lisbon, Portugal, 2011. [citation][year=2010]1. Célio B. Taquary Segundo, Luis Fernando Rust C. Carmo, Luci Pirmez, “Uso de Árvores de Ataque e Técnicas de Mutação de Código na Segurança de Aplicações Web”, X Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, SBSeg’10, Fortaleza, Brazil, October 2010. [citation][year=2010]2. Rim Akrout, Anthony Dessiatnikoff, “An Attack-goal Driven Approach for Web Applications Security Assessment”, Eigth European Dependable Computing Conference, EDCC 2010, Valencia, Spain, April 2010. [citation][year=2009]1. Karthik Pattabiraman, Benjamin Zorn, “DoDOM: Leveraging DOM Invariants for Web 2.0 Application Reliability”, Technical Report, Microsoft Research - Redmond, USA, 2009. [publication]Seixas, N. and José Fonseca and Marco Vieira and Madeira, H. , "Looking at Web Security Vulnerabilities from the Programming Language Perspective: A Field Study", in 20th annual International Symposium on Software Reliability Engineering, 2009 [citation][year=2012]M. Murali, R. Srinivasan, "Inter-domain Authentication Scheme in a Distributed Mobile Netwrok, Journal of Informattion Technology, ISSN: 1815-7432, 2012. [citation][year=2012]Theodoor Scholte, Davide Balzarotti, William Robertson, Engin Kirda, "An Empirical Analysis of Input Validation Mechanisms in Web Applications and Languages", 27th ACM Symposium On Applied Computing (SAC 2012), Trento, Italy, March 2012. 
[citation][year=2012]Diallo Abdoulaye Kindy, Al-Sakib Khan Pathan, "A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies", CustomWare & International Islamic University Malaysia, Kuala Lumpur, Malaysia, 2012. [citation][year=2011]5. Diallo Abdoulaye Kindy, Al-Sakib Khan Pathan, “A Survey on SQL injection: vulnerabilities, attacks, and prevention techniques”, The 15th IEEE Symposium on Consumer Electronics, IEEE ISCE2011, Singapore, June, 2011. [citation][year=2011]1. Jeff Stuckman, James Purtilo, "A Testbed for the Evaluation of Web Intrusion Prevention Systems", 2011 Third International Workshop on Security Measurements and Metrics, Metrisec, September 2011. [citation][year=2011]2. Lai-Cheng Cao, “Secure Negotiation Approach for Share-Secret-Key of Kerberos Service”, Artificial Intelligence and Computational Intelligence”, pp 101-107, Springer Berlin / Heidelberg, ISBN 978-3-642-23886-4, September, 2011. [citation][year=2011]3. Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas, Diomidis Spinellis, “Countering code injection attacks: A unified approach”, Information Management and Computer Security, 19(3), ISSN: 0968-5227, Emerald Journals, 2011. [citation][year=2011]4. Lai-Cheng Cao, “Secure Secret-Key Management of Kerberos Service”, Emerging Research in Artificial Intelligence and Computational Intelligence, pp 76-83, September, 2011. [citation][year=2010]1. Deepak D. J., “Protection Against Input Manipulation Vulnerabilities in Service Oriented Architecture”, MSc Thesis – Master of Technology in Computer Science & Engineering – Information Security, Department of Computer Engineering - National Institute of Technology Karnataka, Mangalore, India, July 2010. [citation][year=2010]2. C. Lai-Cheng, “Enhancing Distributed Web Security Based on Kerberos Authentication Service”, Web Information Systems and Mining, F. Wang, Z. Gong, X. Luo, and J. 
Lei, eds., Springer Berlin / Heidelberg, pp. 171-178, 2010. 2008(3 publications) [publication]José Fonseca and Marco Vieira and Madeira, H. , "Online Detection of Malicious Data Access Using DBMS Auditing", in 23rd Annual ACM Symposium on Applied Computing (ACM SAC 2008), 2008 [citation][year=2013]Abhijeet Sartape, Vasgi B. P., "Data-Base Security Using Different Techniques: A Survey", International Journal of Computer Trends and Technology (IJCTT), Vol. 4 Issue 4, April 2013. [citation][year=2013]Rita M. Barrios, "A Multi-Leveled Approach to Intrusion Detection and the Insider Threat", Journal of Information Security, 4, January 2013. [citation][year=2012]Asaf Shabtai, Yuval Elovici, Lior Rokach, "A Survey of Data Leackage Detection and Prevention Solutions", Springer Briefs in Computer Science, 2012. [citation][year=2012]Amira Rezk, H. A. Ali, S. I. Barakat, "Database Security Protection based on a New Mechanism", International Journal of Computer Applications (0975 – 8887), Volume 49 - No.19, July 2012. [citation][year=2012]1. Amira Rezk, H. A. Ali, S. I. Barakat, "Database Security Protection based on a New Mechanism", International Journal of Computer Applications (0975 – 8887), Volume 49 - No.19, July 2012. [citation][year=2011]A. Rezk, H. Ali, M. El-Mikkawy, S. Barakat, "Minimize the False Positive Rate in a Database Intrusion Detection System", International Journal of Computer Science & Information Technology (IJCSIT), Vol. 3 No 5, October 2011. [citation][year=2011]1. J. Harold Pardue, Priya Patidar, “Threats to Healthcare Data: A Threat Tree for Risk Assessment”, Issues in Information Systems, Volume XII, No. 1, pp. 106-113, 2011. [citation][year=2010]Dai Hual, Qin Xiaolin, Li Ziyuel, Sun Libin, Wu Don, "A DBSUIM-Based Suspicious User Isolation Mechanism for Database", Journal of Computer Research and Development, 47(Suppl), 2010. [citation][year=2010]1. Sunu Mathew, Michalis Petropoulos, Hung Q. 
Ngo, Shambhu Upadhyaya, “A data-centric approach to insider attack detection in database systems”, 13th international conference on Recent advances in intrusion detection, RAID'10, Ottawa, Ontario, Canada, September 15-17, 2010. [citation][year=2010]2. Ma'ayan Gafny, Asaf Shabtai, Lior Rokach, and Yuval Elovici, “Detecting data misuse by applying context-based data linkage”, 2010 ACM CCS Workshop on Insider threats (Insider Threats '10), Chicago, IL, USA, October 2010. [citation][year=2010]3. Amir Harel, Asaf Shabtai, Lior Rokach, Yuval Elovici, “M-score: estimating the potential damage of data leakage incident by assigning misuseability weight”, 2010 ACM CCS Workshop on Insider threats (Insider Threats '10), Chicago, IL, USA, October 2010. [citation][year=2009]Jonathan White, Brajendra Panda, Quassai Yassen, Khanh Nguyen, Weihan Li, "Detecting Malicious Insider Threats using a Null Affinity Temporal Three Dimensional Matrix Relation", Proceedings of the 7th International Workshop on Security in Information Systems, WOSIS 2009 (in conjunction with ICEIS 2009), Milan, Italy, May 2009. [citation][year=2009]1. Hennayake M. Bandara, “Security Features in Oracle Database Management System”, MSc Thesis, California State University, Sacramento, USA, 2009. [citation][year=2009]2. Sunu Mathew, “Techniques for Cyber-Attack Comprehension through Analysis of Application Level Data”, PhD Thesis, State University of New York at Buffalo, USA, July 2009. [citation][year=2009]3. Platt, A., Mengle, S. S., Goharian, N., “Improving classification based off-topic search detection via category relationships”, 2009 ACM Symposium on Applied Computing, SAC '09, Honolulu, Hawaii, USA, March 9-12, 2009. [citation][year=2008]1. Jagdish Halde, "SQL Injection analysis, Detection and Prevention", MSc Thesis, Department of Computer Science, San Jose State University, San Jose, CA, USA, 2008. 
[publication]José Fonseca and Marco Vieira , "Mapping Software Faults with Web Security Vulnerabilities", in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), 2008 [citation][year=2013]Gary Nilson, Kent Wills, Jeffrey Stuckman, James Purtilo, "BugBox: A Vulnerability Corpus for PHP Web Applications", 6th Workshop on Cyber Security Experimentation and Test, CSET'13, Washington D. C., USA, August 12, 2013. [citation][year=2013]Umme Hunny, Mohammad Zulkernine, and Komminist Weldemariam, "OSDC: adapting ODC for developing more secure software", 28th Annual ACM Symposium on Applied Computing, SAC '13, Coimbra, Portugal, March 18 - 22, 2013. [citation][year=2012]1. Theodoor Scholte, Davide Balzarotti, William Robertson, Engin Kirda, "An Empirical Analysis of Input Validation Mechanisms in Web Applications and Languages", 27th ACM Symposium On Applied Computing (SAC 2012), Trento, Italy, March 2012. [citation][year=2012]Rim Akrout, "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web", PhD Thesis, Institut National des Sciences Appliquées de Toulouse (INSA Toulouse), Toulouse, France, October 2012. [citation][year=2012]Jeffrey Stuckman, James Purtilo "Comparing and applying attack surface metrics", 8th international workshop on Security measurements and metrics, MetriSec'12, Lund, Sweden, September 21, 2012. [citation][year=2011]Roberto Natella, “Achieving Representative Faultloads in Software Fault Injection”, PhD Thesis, Universita' Degli Studi di Napoli Federico II, Italy, November 2011. [citation][year=2011]Jeff Stuckman, James Purtilo, "A Testbed for the Evaluation of Web Intrusion Prevention Systems", 2011 Third International Workshop on Security Measurements and Metrics, Metrisec, September 2011. 
[citation][year=2011]Mohamed Al-Ibrahim, "Are our Educational Technology Systems Secured?", International Journal for e-Learning Security (IJeLS), Volume 1, Issues 3/4, September/December 2011. [citation][year=2011]Rich Pietravalle and Dan Lanz, “Resiliency Research Snapshot”, Technical Report. 11-3023, MITRE Corporation, June 2011. [citation][year=2011]Jingshu Chen, Sandeep Kulkarni, “Effectiveness of Transition Systems to Model Faults”, 2nd International Workshop on Logical Aspects of Fault-Tolerance, LAFT, in conjunction with Twenty-Sixth Annual IEEE Symposium on Logic in Computer Science (LICS 2011), Toronto, Canada, June, 2011. [citation][year=2011]Francisco Vieira, “Realistic Vulnerability Injections in PHP Web Applications”, MSc Thesis, Faculty of Sciences, University of Lisbon, Lisbon, Portugal, 2011. [citation][year=2010]Plínio C. S. Fernandes, Tania Basso, Regina L. O. Moraes, Mario Jino, "Attack Trees Modeling for Security Tests in Web Applications", IV Brazilian Workshop on Systematic and Automated Software Testing, SAST 2010, Natal, Brazil, November 8-10, 2010. [citation][year=2010]1. Célio B. Taquary Segundo, Luis Fernando Rust C. Carmo, Luci Pirmez, “Uso de Árvores de Ataque e Técnicas de Mutação de Código na Segurança de Aplicações Web”, X Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, SBSeg’10, Fortaleza, Brazil, October 2010. [citation][year=2010]2. Tânia Basso, Plínio César Simões Fernandes, Mario Jino, Regina Moraes, “Analysis of the Effect of Java Software Faults on Security Vulnerabilities and Their Detection by Commercial Web Vulnerability Scanner Tool”, 4th Workshop on Recent Advances on Intrusion-Tolerant Systems, WRAITS 2010, in conjunction with The 40th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2010), Chicago, IL, USA, 2010. [citation][year=2010]3. Tania Basso, Regina L. O. 
Moraes, Mario Jino, "A Methodology for Effectiveness Analysis of Vulnerability Scanning Tools", III EADCA - Terceiro Encontro dos Alunos e Docentes do Departamento de Engenharia de Computação e Automação Industrial, University of Campinas (UNICAMP), Brazil, March 2010. [citation][year=2009]1. Regina Moraes, Bruno T. de Abreu, Eliane Martins, "Mapping Web-Based Applications Failures to Faults", Fourth Latin-American Symposium on Dependable Computing, LADC 2009, João Pessoa, PB, Brazil, September, 2009. [citation][year=2009]2. T. Basso, R. Moraes, B. P. Sanches, M. Jino, “An Investigation of Java Faults Operators Derived from a Field Data Study on Java Software Faults”, Workshop de Tolerancia a Falhas (WTF 2009), jointly organized with the Fourth Latin-American Symposium on Dependable Computing (LADC 2009), João Pessoa, PB, Brazil, September 2009. [citation][year=2008]1. Cesar Simões Fernandes, "Desenvolvimento de Ferramenta para Injeção de Falhas de Software - J-SWFIT", Pauta da 23ª Reunião Ordinária, Centro Superior de Educação Tecnológica, University of Campinas, Brazil, 2008. [publication]José Fonseca and Marco Vieira and Madeira, H. , "Training Security Assurance Teams using Vulnerability Injection", in 14th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC\'08), 2008 [citation][year=2012]Rim Akrout, "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web", PhD Thesis, Institut National des Sciences Appliquées de Toulouse (INSA Toulouse), Toulouse, France, October 2012. [citation][year=2011]1. Paulo Véras, “Benchmarking Software Requirements Documentation for Space Application”, PhD Thesis, Instituto Tecnológico de Aeronáutica, São José dos Campos, SP, Brasil, 2011. [citation][year=2011]2. Francisco Vieira, “Realistic Vulnerability Injections in PHP Web Applications”, MSc Thesis, Faculty of Sciences, University of Lisbon, Lisbon, Portugal, 2011. 
[citation][year=2011]Roberto Natella, “Achieving Representative Faultloads in Software Fault Injection”, PhD Thesis, Universita' Degli Studi di Napoli Federico II, Italy, November 2011. 2007(4 publications) [publication]José Fonseca and Marco Vieira and Madeira, H. , "Correlating security vulnerabilities with software faults (Fast Abstract)", in 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2007), 2007 [publication]José Fonseca and Marco Vieira and Madeira, H. , "Detecting malicious SQL", in 4th International Conference on Trust, Privacy & Security in Digital Business (in conjunction with the 18th International Conference on Database and Expert Systems Applications (DEXA 2007)), TrusBus\'07, 2007 [citation][year=2013]Manju Khari, Anjali Karar, "Preventing SQL-Based Attacks Using Intrusion Detection System", International Journal of Science and Engineering Applications, Vol. 2 Issue 6, 2013. [citation][year=2013]Sudam Kokane, Aishwarya Jadhav, Nikita Mandhare, Mayur Darekar, "Intrusion Detection in RBAC Model", International Journal of Innovative Reserach & Studies (IJIRS), Vol. 2 Issue 5, May 2013. [citation][year=2013]Gang Lu, Kevin Lü, "Logical Trees: an Essential Method of Parsing SQL Statement withSemantic Analysis", International Journal of Advancements in Computing Technology (IJACT), Vol. 5 No 1, January 2013. [citation][year=2012]Rim Akrout, "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web", PhD Thesis, Institut National des Sciences Appliquées de Toulouse (INSA Toulouse), Toulouse, France, October 2012. [citation][year=2012]1. Yakkala V. Naga Manikanta, Anjali Sardana, "Protecting web applications from SQL injection attacks by using framework and database firewall", International Conference on Advances in Computing, Communications and Informatics (ICACCI '12), New York, NY, USA, August 2012. [citation][year=2011]1. 
Udai Pratap Rao, Dhiren R Patel, "Design and Implementation of Database Intrusion Detection System for Security in Database", International Journal of Computer Applications, 35(9):32-40, December 2011. [publication]José Fonseca and Marco Vieira and Madeira, H. , "Integrated Intrusion Detection in Databases", in Third Latin-American Symposium on Dependable Computing (LADC 2007), 2007 [citation][year=2013]Elisa Costante, Sokratis Vavilis, Sandro Etall, Milan Petkovic, Nicola Zannone, "Database Anomalous Activities: Detection and Quantification", 10th International Conference on Security and Cryptography, SECRYPT 2013, Reykjavík, Iceland, July 29-31, 2013. [citation][year=2013]Sudam Kokane, Aishwarya Jadhav, Nikita Mandhare, Mayur Darekar, "Intrusion Detection in RBAC Model", International Journal of Innovative Reserach & Studies (IJIRS), Vol. 2 Issue 5, May 2013. [citation][year=2012]1. Amira Rezk, H. A. Ali, S. I. Barakat, "Database Security Protection based on a New Mechanism", International Journal of Computer Applications (0975 – 8887), Volume 49 - No.19, July 2012. [citation][year=2011]A. Rezk, H. Ali, M. El-Mikkawy, S. Barakat, "Minimize the False Positive Rate in a Database Intrusion Detection System", International Journal of Computer Science & Information Technology (IJCSIT), Vol. 3 No 5, October 2011. [citation][year=2011]1. Udai Pratap Rao, Dhiren R Patel, "Design and Implementation of Database Intrusion Detection System for Security in Database", International Journal of Computer Applications, 35(9):32-40, December 2011. [citation][year=2011]2. Hua Dai, Xiaolin Qin, Guineng Zheng, Ziyue Li, “SQRM: An Effective Solution to Suspicious Users in Database”, The Third International Conference on Advances in Databases, Knowledge, and Data Applications (DBKDA 2011), St. Maarten, The Netherlands Antilles, January, 2011. 
[citation][year=2010]Dai Hual, Qin Xiaolin, Li Ziyuel, Sun Libin, Wu Don, "A DBSUIM-Based Suspicious User Isolation Mechanism for Database", Journal of Computer Research and Development, 47(Suppl), 2010. [citation][year=2010]Dai Hua,Qin Xiaolin?Bai Chuanjie, "A Malicious Transaction Detection Method Based on Transaction Template", Journal of computer research and development, 47(5), 2010. [citation][year=2009]Yawei Zhang, Xiaojun Ye, Feng Xie, Yong Peng, "A Practical Database Intrusion Detection System Framework", Ninth IEEE International Conference on Computer and Information Technology, CIT '09, Xiamen, China, October 11-14, 2009. [citation][year=2009]1. Wu, G. Z., Osborn, S. L., Jin, X., “Database Intrusion Detection Using Role Profiling with Role Hierarchy”, 6th VLDB Workshop on Secure Data Management, Lyon, France, August 2009. [citation][year=2009]2. Mohammad Hossein Haratian, “An Architectural Design For a Hybrid Intrusion Detection System for Database”, MSc Thesis, Centre for Advanced Software Engineering (CASE), Faculty of Computer Science and Information Systems, Universiti Teknologi Malaysia, Malaysia, April 2009. [publication]José Fonseca and Marco Vieira and Madeira, H. , "Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks", in 13th IEEE Pacific Rim Dependable Computing Conference (PRDC 2007), 2007 [citation][year=2013]N. Awang and A. Manaf, “Detecting Vulnerabilities in Web Applications Using Automated Black Box and Manual Penetration Testing,” in Advances in Security of Information and Communication Networks, vol. 381, A. Awad, A. Hassanien, and K. Baba, Eds. Springer Berlin Heidelberg, 2013. [citation][year=2013]P. Santhosh Reddy, G.Sireesha, "Automated Security Test by using Formal Threat Models on Leakage Detection", International Journal of Advanced and Innovative Research (IJAIR), Vol. 2 Issue 2, 2013. 
[citation][year=2013]Prashant Belhekar, Alka Londhe, Bhavana Lucy, Santosh Kumar, "Finding Bugs In Web Applications Using Dynamic Test Generation", International Journal of Engineering Research & Technology (IJERT), Vol. 2 Issue 5, May 2013. [citation][year=2013]Michelle Elaine Ruse, "Model checking techniques for vulnerability analysis of Web applications", PhD Thesis, Iowa State University, Ames, Iowa, 2013. [citation][year=2013]Eric Alata, Mohamed Kaaniche, Vincent Nicomette, Rim Akrout, "An Automated Approach to Generate Web Applications Attack Scenarios", Sixth Latin-American Symposium on Dependable Computing, LADC 2013, Rio de Janeiro, RJ, Brazil, April 1-5 2013. [citation][year=2013]Pallavali Radha, G. Sireesha, "Security Test by Using FTM and Data Allocation Strategies on Leakage Detection", International Journal Of Coputers & Technology, Vol. 4 No 2, March 2013. [citation][year=2013]Hannes Holm, Mathias Ekstedt, Teodor Sommestad, "Effort Estimates on Web Application Vulnerability Discovery", 46th Hawaii International Conference on System Sciences, HICSS 2013, January 7-10 2013. [citation][year=2013]A. Marback, H. Do, K. He, s. Kondamarri, D. Xu, "A threat model-based approach to security testing", Software: Practice and Experience, Vol. 43 Issue 2, February 2013. [citation][year=2012]Sanon Chimmanee, Thanyada Veeraprasit, Kritsada Sriphaew, Aniwat Hemanidhi, "A Performance Comparison of Vulnerability Detection between Netclarity Auditor and Open Source Nessus", Recent Advances in Communications, Circuits and Technological Innovation, Paris, France, December 2-4, 2012. [citation][year=2012]D. N. Swetha, B. S. Kumar, “Protocol Based Approach on Vulnerability Detection Tools of SQLIA along with Monitoring Tools”, International Journal of Computer Science Engineering and Technology (IJCSET), vol. 2, no. 11, November 2012. 
[citation][year=2012]Rim Akrout, "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web", PhD Thesis, Institut National des Sciences Appliquées de Toulouse (INSA Toulouse), Toulouse, France, October 2012. [citation][year=2012]T. Koskinen, P. Ihantola, V. Karavirta, "Quality of WordPress Plug-Ins: An Overview of Security and User Ratings", International Conference on Privacy, Security, Risk and Trust and International Conference on Social Computing, PASSAT 2012 and SocialCom 2012, Amsterdam, Netherlands, September 3-5, 2012. [citation][year=2012]D. Hauzar, J. Kofron, "On Security Analysis of PHP Web Applications", IEEE 36th Annual Computer Software and Applications Conference Workshops, COMPSACW 2012, Izmir, Turkey, July 16-20, 2012. [citation][year=2012]Douglas Rocha, Diego Kreutz, Rogerio Turchetti, "A free and extensible tool to detect vulnerabilities in Web systems", 2012 7th Iberian Conference on Information Systems and Technologies, CISTI 2012, Madrid, Spain, June 2012. [citation][year=2012]Mike Samuel, Úlfar Erlingsson, "Let's parse to prevent pwnage", 5th USENIX conference on Large-Scale Exploits and Emergent Threats, LEET'12, San Jose, CA, USA, April 2012. [citation][year=2012]D. Xu, M. Tu, M. Sanford, L. Thomas, D. Woodraska, W. Xu, "Automated Security Test Generation with Formal Threat Models", IEEE Transactions on Dependable and Secure Computing, TSC, ISSN: 1545-5971, Issue:99, February 2012. [citation][year=2011]A. Dessiatnikoff, R. Akrout, E. Alata, M. Kaaniche, V. Nicomette, “A Clustering Approach for Web Vulnerabilities Detection", 2011 IEEE 17th Pacific Rim International Symposium on Dependable Computing (PRDC 2011), Pasadena, CA, USA, December 2011. 
[citation][year=2011]Nidal Khoury, Pavol Zavarsky, Dale Lindskog, Ron Ruhl, "Testing and assessing web vulnerability scanners for persistent SQL injection attacks", First International Workshop on Security and Privacy Preserving in e-Societies (SeceS '11), New York, NY, USA, 2011. [citation][year=2011]D. Hauzar, J. Kofron, "Hunting Bugs Inside Web Applications", Formal Verification of Object-Oriented Software, Technical report, Department of Informatics, KIT, October 2011. [citation][year=2011]Zhushou Tang, Haojin Zhu, Zhenfu Cao, Shuai Zhao, "L-WMxD: Lexical based Webmail XSS Discoverer", 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011, Hyannis, MA, USA, October 10-12, 2011. [citation][year=2011]N. Khoury, P. Zavarsky, D. Lindskog, R. Ruhl, "An Analysis of Black-Box Web Application Security Scanners against Stored SQL Injection", 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust (PASSAT 2011) and 2011 IEEE Third International Conference on Social Computing (SOCIALCOM 2011), Boston, USA, October 2011. [citation][year=2011]Jeff Stuckman, James Purtilo, "A Testbed for the Evaluation of Web Intrusion Prevention Systems", 2011 Third International Workshop on Security Measurements and Metrics, Metrisec, September 2011. [citation][year=2011]Birhanu Eshete, Komminist Weldemariam, Adolfo Villafiorita, "Early Detection of Security Misconfiguration Vulnerabilities in Web Applications", Sixth International Conference on Availability, Reliability and Security, ARES 2011, Vienna, Austria, August 22-26, 2011. [citation][year=2011]Sangita Roy, Avinash Kumar Singh, Ashok Singh Sairam, "Detecting and Defeating SQL Injection Attacks", International Journal of Information and Electronics Engineering, Vol. 1, No. 1, July 2011. 
[citation][year=2011]Thomas, L., Weifeng Xu, Dianxiang Xu, "Mutation Analysis of Magento for Evaluating Threat Model-Based Security Testing", IEEE 35th Annual Computer Software and Applications Conference Workshops (COMPSACW), pp. 184-189, Munich, Germany, July 2011. [citation][year=2011]Daniel Woodraska, Michael Sanford, Dianxiang Xu, "Security mutation testing of the FileZilla FTP server", 2011 ACM Symposium on Applied Computing, ACM SAC '11, Taichung, Taiwan, March 21-24, 2011. [citation][year=2011]Geert Smelt, "Programming web applications securely", BSc Thesis, Faculty of Science, Radboud University of Nijmegen, Nijmegen, Netherlands, January 2011. [citation][year=2010]Dmitri Nikulin, "Assertions For Self-Testing Web Applications", Faculty of Information Technology - Monash University, Clayton, Victoria, Australia, 2010. [citation][year=2010]Huning Dai, Michael Glass, E. Gail Kaiser, "Baseline: Metrics for setting a baseline for web vulnerability scanners", Technical Report, CUCS-023-10, Columbia University, New York, NY, 2010. [citation][year=2010]P. Roberts-Morpeth, J. Ellman, "Some security issues for web based frameworks", 2010 7th International Symposium on Communication Systems Networks and Digital Signal Processing, CSNDSP 2010, Newcastle, UK, July 2010. [citation][year=2010]H. Shahriar, M. Zulkernine, "Mitigating Program Security Vulnerabilities: Approaches and Challenges", ACM Computing Surveys, ACM, 2010. [citation][year=2010]D.A. Shelly, "Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners", MSc Thesis, Virginia Polytechnic Institute and State University, July 2010. 
[citation][year=2010]Tânia Basso, Plínio César Simões Fernandes, Mario Jino, Regina Moraes, "Analysis of the Effect of Java Software Faults on Security Vulnerabilities and Their Detection by Commercial Web Vulnerability Scanner Tool", 4th Workshop on Recent Advances on Intrusion-Tolerant Systems, WRAITS 2010, in conjunction with The 40th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2010), Chicago, IL, USA, 2010. [citation][year=2010]Muhammad Sajid Farooq, Muhammad Khalid Khan, Muhammad Qasim Pasta, "Model Based Web Application Backend Testing Using Requirement Specification Table", Journal of Engineering and Sciences 4, no. 1, Technology Forces, January-June 2010. [citation][year=2010]Hossain Shahriar, "Mitigating and Monitoring Program Security Vulnerabilities", PhD Thesis, School of Computing - Queen's University, Kingston, Ontario, Canada, June 2010. [citation][year=2010]J. Bau, E. Bursztein, D. Gupta, J.C. Mitchell, "State of the Art: Automated Black-Box Web Application Vulnerability Testing", Proceedings IEEE Symposium on Security and Privacy, May 2010. [citation][year=2010]Tania Basso, Regina L. O. Moraes, Mario Jino, "A Methodology for Effectiveness Analysis of Vulnerability Scanning Tools", III EADCA - Terceiro Encontro dos Alunos e Docentes do Departamento de Engenharia de Computação e Automação Industrial, University of Campinas (UNICAMP), Brazil, March 2010. [citation][year=2009]Shahriar, H., Zulkernine, M., "MUTEC: Mutation-based testing of Cross Site Scripting", 2009 ICSE Workshop on Software Engineering For Secure Systems, International Conference on Software Engineering, Vancouver, Canada, May 19, 2009. [citation][year=2009]H. Shahriar, M. Zulkernine, "Automatic Testing of Program Security Vulnerabilities", 1st IEEE International Workshop on Test Automation, 2009 33rd Annual IEEE International Computer Software and Applications Conference, IEEE CS Press, Seattle, USA, July 2009. [citation][year=2008]
Jagdish Halde, "SQL Injection analysis, Detection and Prevention", MSc Thesis, Department of Computer Science, San Jose State University, San Jose, CA, USA, 2008. 2006(2 publications) [publication]José Fonseca and Marco Vieira and Madeira, H. , "Monitoring Database Application Behavior for Intrusion Detection (Short Paper)", in The IEEE 12th International Symposium Pacific Rim Dependable Computing (PRDC 2006), 2006 [citation][year=2011]Udai Pratap Rao, Dhiren R Patel, "Design and Implementation of Database Intrusion Detection System for Security in Database", International Journal of Computer Applications, 35(9):32-40, December 2011. [citation][year=2010]Yi Hu, Brajendra Panda, "Mining Inter-transaction Data Dependencies for Database Intrusion Detection", Innovations and Advances in Computer Sciences and Engineering, Springer Netherlands, ISBN 978-90-481-3657-5, March 2010. [citation][year=2009]Mohammad Hossein Haratian, "An Architectural Design For a Hybrid Intrusion Detection System for Database", MSc Thesis, Centre for Advanced Software Engineering (CASE), Faculty of Computer Science and Information Systems, Universiti Teknologi Malaysia, Malaysia, April 2009. [citation][year=2007]Clay Brockman, "Why Monitoring Database Application Behavior is the Best Database Intrusion Detection Method", Position Paper - ITK 478: Fall 2007, Illinois State University, 2007. [publication]José Fonseca , "Intrusion Detection in Databases", in Students Forum of the International Conference on Dependable Systems and Networks (DSN 2006), 2006 Book Chapters 2013(2 publications) [publication]José Fonseca and Materase, F. , "Using Vulnerability Injection to Improve Web Security", in Innovative Technologies for Dependable OTS-Based Critical Systems - Challenges and Achievements of the CRITICAL STEP Project, vol. 1, pp. 
145-157, 2013 [publication]José Fonseca and Marco Vieira , "A Survey on Secure Software Development Lifecycles", in Software Development Techniques for Constructive Information Systems Design, vol. 1, pp. 57-73, 2013 2012(1 publication) [publication]Joao Duraes and José Fonseca and Madeira, H. and Marco Vieira , "Field Studies on Resilience: Measurements and Repositories", in Resilience Assessment and Evaluation, vol. na, pp. 213-237, 2012 PhD Theses 2011(1 publication) [publication]José Fonseca , "Evaluating the [In]security of Web Applications", 2011 [citation][year=2012]Rim Akrout, "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web", PhD Thesis, Systèmes Informatiques, Institut National des Sciences Appliquées de Toulouse (INSA Toulouse), Université de Toulouse, October 2012.