People
José Carlos Coelho Martins da Fonseca
Member
Software and Systems Engineering
Research interests
Intrusion detection in Databases
Web Application Security
Vulnerability Injection
Attack Injection
Past Projects
CRITICAL Software Technology for an Evolutionary Partnership (CRITICAL STEP)
Critical-Step - Designing Large-Scale Safety-Critical Systems by using Off-The-Shelf software components
Books
2011
(1 publication)
Journal Articles
2019
(1 publication)
- Nunes, P. and Medeiros, I. and José Fonseca and Neves, N. and Correia, M. and Marco Vieira, "An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios", Computing, vol. 101, pp. 161-185, 2019 [ DOI ]
2018
(1 publication)
- José Fonseca and Nunes, P. and Marco Vieira and Medeiros, I. and Neves, N. and Correia, M., "Benchmarking Static Analysis Tools for Web Security", IEEE Transactions on Reliability, vol. 67, pp. 1159-1175, 2018 [ DOI ]
2014
(2 publications)
- José Fonseca and Seixas, N. and Marco Vieira and Madeira, H., "Analysis of Field Data on Web Security Vulnerabilities", IEEE Transactions on Dependable and Secure Computing, vol. 11, 2014
- José Fonseca and Marco Vieira and Madeira, H., "Evaluation of Web Security Mechanisms using Vulnerability & Attack Injection", IEEE Transactions on Dependable and Secure Computing, vol. 11, 2014
Conference Articles
2018
(1 publication)
- José Fonseca and Marco Vieira and Nunes, P. and Algaith, A. and Gashi, I., "Finding SQL Injection and Cross Site Scripting Vulnerabilities with Diverse Static Analysis Tools", in 2018 14th European Dependable Computing Conference (EDCC), 2018 [ DOI ]
2017
(1 publication)
- José Fonseca and Nunes, P. and Marco Vieira and Medeiros, I. and Neves, N. and Correia, M., "On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study", in 2017 13th European Dependable Computing Conference (EDCC), 2017 [ DOI ]
2015
(1 publication)
- Nunes, P. and José Fonseca and Marco Vieira, "phpSAFE: A Security Analysis Tool for OOP Web Application Plugins", in Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, 2015 [ DOI ]
2014
(1 publication)
2013
(1 publication)
2012
(2 publications)
- Materase, F. and José Fonseca and Montefusco, P., "An innovative methodology for maritime security risk management to design cost-effective defence systems", in 17th International Conference on Ships and Shipping Research and Advancing with Composites 2012 Symposium, 2012
- Alfaiate, J. and José Fonseca, "Bluetooth security analysis for mobile phones", in 7th Iberian Conference on Information Systems and Technologies (CISTI 2012), 2012
2011
(1 publication)
2010
(2 publications)
- José Fonseca and Marco Vieira and Madeira, H., "The Web Attacker Perspective - A Field Study", in 21st annual International Symposium on Software Reliability Engineering, 2010
- Ivano Alessandro Elia and José Fonseca and Marco Vieira, "Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study", in 21st annual International Symposium on Software Reliability Engineering, 2010
2009
(2 publications)
- José Fonseca and Marco Vieira and Madeira, H., "Vulnerability & Attack Injection for Web Applications", in 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2009), 2009
- Seixas, N. and José Fonseca and Marco Vieira and Madeira, H., "Looking at Web Security Vulnerabilities from the Programming Language Perspective: A Field Study", in 20th annual International Symposium on Software Reliability Engineering, 2009
2008
(3 publications)
- José Fonseca and Marco Vieira and Madeira, H., "Online Detection of Malicious Data Access Using DBMS Auditing", in 23rd Annual ACM Symposium on Applied Computing (ACM SAC 2008), 2008
- José Fonseca and Marco Vieira, "Mapping Software Faults with Web Security Vulnerabilities", in IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), 2008
- José Fonseca and Marco Vieira and Madeira, H., "Training Security Assurance Teams using Vulnerability Injection", in 14th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC'08), 2008
2007
(4 publications)
- José Fonseca and Marco Vieira and Madeira, H., "Correlating security vulnerabilities with software faults (Fast Abstract)", in 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2007), 2007
- José Fonseca and Marco Vieira and Madeira, H., "Detecting malicious SQL", in 4th International Conference on Trust, Privacy & Security in Digital Business (in conjunction with the 18th International Conference on Database and Expert Systems Applications (DEXA 2007)), TrusBus'07, 2007
- José Fonseca and Marco Vieira and Madeira, H., "Integrated Intrusion Detection in Databases", in Third Latin-American Symposium on Dependable Computing (LADC 2007), 2007
- José Fonseca and Marco Vieira and Madeira, H., "Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks", in 13th IEEE Pacific Rim Dependable Computing Conference (PRDC 2007), 2007
2006
(2 publications)
- José Fonseca and Marco Vieira and Madeira, H., "Monitoring Database Application Behavior for Intrusion Detection (Short Paper)", in The IEEE 12th International Symposium Pacific Rim Dependable Computing (PRDC 2006), 2006
- José Fonseca, "Intrusion Detection in Databases", in Students Forum of the International Conference on Dependable Systems and Networks (DSN 2006), 2006
Book Chapters
2013
(2 publications)
- José Fonseca and Materase, F., "Using Vulnerability Injection to Improve Web Security", in Innovative Technologies for Dependable OTS-Based Critical Systems - Challenges and Achievements of the CRITICAL STEP Project, vol. 1, pp. 145-157, 2013
- José Fonseca and Marco Vieira, "A Survey on Secure Software Development Lifecycles", in Software Development Techniques for Constructive Information Systems Design, vol. 1, pp. 57-73, 2013