LE, H. T., SHAR, L. K., BIANCULLI, D., BRIAND, L., & NGUYEN, D. C. (February 2022). Automated Reverse Engineering of Role-based Access Control Policies of Web Applications. Journal of Systems and Software, 184, 111109. doi:10.1016/j.jss.2021.111109 Peer Reviewed verified by ORBi
THOME, J., SHAR, L. K., BIANCULLI, D., & BRIAND, L. (February 2020). An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving. IEEE Transactions on Software Engineering, 46 (2), 163-195. doi:10.1109/TSE.2018.2844343 Peer reviewed
THOME, J., SHAR, L. K., BIANCULLI, D., & BRIAND, L. (2018). Security Slicing for Auditing Common Injection Vulnerabilities. Journal of Systems and Software, 137 (March, 2018), 766-783. doi:10.1016/j.jss.2017.02.040 Peer Reviewed verified by ORBi
THOME, J., SHAR, L. K., BIANCULLI, D., & BRIAND, L. (2017). JoanAudit: A Tool for Auditing Common Injection Vulnerabilities. In 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering. ACM. doi:10.1145/3106237.3122822 Peer reviewed
MAI, X. P., Göknil, A., SHAR, L. K., & BRIAND, L. (2017). Modeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven Approach. (TR-SNT-2017-3). SnT, University of Luxembourg. https://orbilu.uni.lu/handle/10993/31653
THOME, J., SHAR, L. K., BIANCULLI, D., & BRIAND, L. (2017). Search-driven String Constraint Solving for Vulnerability Detection. In Proceedings of the 39th International Conference on Software Engineering (ICSE 2017). ACM. doi:10.1109/ICSE.2017.26 Peer reviewed
DING, S., TAN, H. B. K., & SHAR, L. K. (2015). Mining Patterns of Unsatisfiable Constraints to Detect Infeasible Paths. Automation of Software Test (AST 2015). doi:10.1109/AST.2015.21 Peer reviewed
SHAR, L. K., BRIAND, L., & Tan, H. B. K. (2015). Web Application Vulnerability Prediction using Hybrid Program Analysis and Machine Learning. IEEE Transactions on Dependable and Secure Computing, 12 (6), 688-707. doi:10.1109/TDSC.2014.2373377 Peer reviewed
THOME, J., SHAR, L. K., & BRIAND, L. (2015). Security Slicing for Auditing XML, XPath, and SQL Injection Vulnerabilities. In 26th IEEE International Symposium on Software Reliability Engineering. IEEE. doi:10.1109/ISSRE.2015.7381847 Peer reviewed
Arnatovich, Y. L., Tan, H. B. K., & SHAR, L. K. (2014). Empirical Comparison of Intermediate Representations for Android Applications. In 26th International Conference on Software Engineering and Knowledge Engineering. Peer reviewed |
SHAR, L. K., & Tan, H. B. K. (2013). Defeating SQL Injection. IEEE Computer, 46 (3), 69-77. doi:10.1109/MC.2012.283 Peer reviewed |
SHAR, L. K., & Tan, H. B. K. (2013). Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns. Information and Software Technology, 1767-1780. doi:10.1016/j.infsof.2013.04.002 Peer reviewed |
Liu, K., Tan, H. B. K., & SHAR, L. K. (2012). Semi-Automated Verification of Defense against SQL Injection in Web Applications. In APSEC. doi:10.1109/APSEC.2012.18 Peer reviewed |
SHAR, L. K., & Tan, H. B. K. (2012). Defending against Cross-Site Scripting Attacks. IEEE Computer, 45 (3), 55-62. doi:10.1109/MC.2011.261 Peer reviewed |
SHAR, L. K., & Tan, H. B. K. (2012). Auditing the XSS defence features implemented in web application programs. IET Software, 6 (4), 377-390. doi:10.1049/iet-sen.2011.0084 Peer reviewed |
SHAR, L. K., & Tan, H. B. K. (2012). Automated removal of cross site scripting vulnerabilities in web applications. Information and Software Technology, 54 (5), 467-478. doi:10.1016/j.infsof.2011.12.006 Peer reviewed |