LEADER 01270nam0 22002771i 450 001 UON00328025 005 20231205104208.734 100 $a20090728d1955 |0itac50 ba 101 $ager 102 $aAT 105 $a|||| ||||| 200 1 $aReichspatriotismus und reichspolitik zur zeit des prager friedens von 1635$eeine studie zur geschichte des deutschen nationalbewubtseins$fAdam Wandruszka 210 $aGraz$aKöln$cHermann Böhlaus Nachf.$d1955 215 $a116 p.$d21 cm. 410 1$1001UON00328023$12001 $aVeröffentlichungen des Instituts für Österreichische Geschichtsforschung$fherausgegeben von Leo Santifaller$v17 606 $aGERMANIA$xSTORIA$xSEC. 17.$3UONC072484$2FI 620 $aAT$dGraz$3UONL000287 620 $aDE$dKöln$3UONL005641 700 1$aWANDRUSZKA$bAdam$3UONV112666$0155114 712 $aBöhlaus$3UONV260054$4650 801 $aIT$bSOL$c20240220$gRICA 899 $aSIBA - SISTEMA BIBLIOTECARIO DI ATENEO$2UONSI 912 $aUON00328025 950 $aSIBA - SISTEMA BIBLIOTECARIO DI ATENEO$dSI III STORIAEUR C C 0204 $eSI MR 46569 5 0204 996 $aReichspatriotismus und reichspolitik zur zeit des prager friedens von 1635$91368844 997 $aUNIOR
LEADER 01036nam0 22002891i 450 001 UON00489285 005 20231205105325.14 010 $a20-7070-903-5 100 $a20180618d1982 |0itac50 ba 101 $afre 102 $aFR 105 $a|||| ||||| 200 1 $aLa fable mystique$e16.-17. siecle$fMichel de Certeau 210 $aParis$cGallimard$d1982 215 $a414 p$d23 cm. 410 1$1001UON00065651$12001 $aTel$v115 606 $aMISTICISMO$3UONC045234$2FI 620 $aFR$dParis$3UONL002984 676 $a248.22$cEsperienza, pratica, vita cristiana. 
Misticismo$v21 700 1$aCerteau$bMichel : de$3UONV098412$00 712 $aGallimard$3UONV246610$4650 801 $aIT$bSOL$c20250314$gRICA 899 $aSIBA - SISTEMA BIBLIOTECARIO DI ATENEO$2UONSI 912 $aUON00489285 950 $aSIBA - SISTEMA BIBLIOTECARIO DI ATENEO$dSI FS 07418 $eSI FP 11103 5 996 $aFable mystique$920781 997 $aUNIOR
LEADER 04603nam 22008295 450 001 9910483281003321 005 20251226195133.0 010 $a3-642-17714-X 024 7 $a10.1007/978-3-642-17714-9 035 $a(CKB)2670000000064729 035 $a(SSID)ssj0000476292 035 $a(PQKBManifestationID)11305741 035 $a(PQKBTitleCode)TC0000476292 035 $a(PQKBWorkID)10479357 035 $a(PQKB)11485488 035 $a(DE-He213)978-3-642-17714-9 035 $a(MiAaPQ)EBC3066216 035 $a(PPN)149902700 035 $a(BIP)32617487 035 $a(EXLCZ)992670000000064729 100 $a20101207d2010 u| 0 101 0 $aeng 135 $aurnn|008mamaa 181 $ctxt 182 $cc 183 $acr 200 10$aInformation Systems Security $e6th International Conference, ICISS 2010, Gandhinagar, India, December 17-19, 2010 /$fedited by Somesh Jha, Anish Mathuria 205 $a1st ed. 2010. 210 1$aBerlin, Heidelberg :$cSpringer Berlin Heidelberg :$cImprint: Springer,$d2010. 215 $a1 online resource (XIV, 261 p. 60 illus.) 225 1 $aSecurity and Cryptology,$x2946-1863 ;$v6503 300 $aBibliographic Level Mode of Issuance: Monograph 311 08$a3-642-17713-1 320 $aIncludes bibliographical references and index. 330 $a2.1 Web Application Vulnerabilities Many web application vulnerabilities have been well documented and the mitigation methods have also been introduced [1]. The most common cause of those vulnerabilities is the insufficient input validation. Any data originated from outside of the program code, for example input data provided by user through a web form, should always be considered malicious and must be sanitized before use. SQL Injection, Remote code execution or Cross-site Scripting are the very common vulnerabilities of that type [3]. Below is a brief introduction to SQL Injection vulnerability though the security testing method presented in this paper is not limited to it. SQL injection vulnerability allows an attacker to illegally manipulate database by injecting malicious SQL codes into the values of input parameters of http requests sent to the victim web site. Fig. 1. An example of a program written in PHP which contains SQL Injection vulnerability. Figure 1 shows a program that uses the database query function mysql_query to get user information corresponding to the user specified by the GET input parameter username and then print the result to the client browser. A normal http request with the input parameter username looks like "http://example.com/index.php?username=bob". The dynamically created database query at line 2 is "SELECT * FROM users WHERE username='bob' AND usertype='user'". This program is vulnerable to SQL Injection attacks because mysql_query uses the input value of username without sanitizing malicious codes. A malicious code can be a string that contains SQL symbols or keywords. If an attacker sends a request with SQL code ('alice'-') injected "http://example.com/index.php?username=alice'-", the query becomes "SELECT * FROM users WHERE username='alice'--' AND usertype='user'". 410 0$aSecurity and Cryptology,$x2946-1863 ;$v6503 606 $aComputer networks 606 $aUser interfaces (Computer systems) 606 $aHuman-computer interaction 606 $aData protection 606 $aInformation storage and retrieval systems 606 $aElectronic data processing$xManagement 606 $aBiometric identification 606 $aComputer Communication Networks 606 $aUser Interfaces and Human Computer Interaction 606 $aData and Information Security 606 $aInformation Storage and Retrieval 606 $aIT Operations 606 $aBiometrics 615 0$aComputer networks. 615 0$aUser interfaces (Computer systems). 615 0$aHuman-computer interaction. 615 0$aData protection. 615 0$aInformation storage and retrieval systems. 615 0$aElectronic data processing$xManagement. 615 0$aBiometric identification. 615 14$aComputer Communication Networks. 615 24$aUser Interfaces and Human Computer Interaction. 615 24$aData and Information Security. 
615 24$aInformation Storage and Retrieval. 615 24$aIT Operations. 615 24$aBiometrics. 676 $a004.6 701 $aJha$b Somesh$0117620 701 $aMathuria$b Anish$f1967-$01757081 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910483281003321 996 $aInformation Systems Security$94194722 997 $aUNINA