Securing Web Application Code by Static Analysis and Runtime Protection

What is the paper about?

a holistic approach: a static analysis algorithm that detects SQL injection (SQLi) in web application code, combined with run-time inspection to protect the parts the static analysis cannot prove safe
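As an added illustration of the approach summarized above (a static pass decides which queries need a run-time guard, and the guard checks the query as it is built), the following Python is example code written for this review, not the paper's tool or code. The toy IR, the sample login programs and the guard's rule (user-supplied bytes must stay inside one SQL string literal) are assumptions of the example:

```python
"""Added illustration, not the paper's code: static taint analysis that marks
which queries need a run-time guard, plus the guard (a string-literal
boundary check). The IR and sample programs are constructed for this example."""
from dataclasses import dataclass, field


class InjectionBlocked(Exception):
    """Raised by the run-time guard when tainted data escapes a string literal."""


# ---- static analysis: taint lattice {clean, tainted} over a tiny IR ----
# Expressions: ("input", name) | ("const", text) | ("var", name)
#              | ("concat", e1, e2) | ("sanitize", e)
# Statements:  ("assign", var, expr) | ("query", expr)
def expr_tainted(expr, env):
    """Conservative taint: anything reaching user input is tainted unless sanitized."""
    kind = expr[0]
    if kind == "input":
        return True
    if kind in ("const", "sanitize"):
        return False
    if kind == "var":
        return env.get(expr[1], True)            # unknown variable: assume tainted
    if kind == "concat":
        return expr_tainted(expr[1], env) or expr_tainted(expr[2], env)
    raise ValueError(f"unknown expression {kind}")


def analyze(program):
    """Return (instrumented program, indexes of statically unsafe queries).
    Queries whose argument may be tainted get a run-time guard; queries proven
    clean are left untouched, so they cost nothing at run time."""
    env, out, findings = {}, [], []
    for i, stmt in enumerate(program):
        if stmt[0] == "assign":
            env[stmt[1]] = expr_tainted(stmt[2], env)
            out.append(stmt)
        elif expr_tainted(stmt[1], env):         # ("query", expr), expr tainted
            findings.append(i)
            out.append(("query", ("guard", stmt[1])))
        else:
            out.append(stmt)
    return out, findings


# ---- run time: values carry the byte ranges that came from user input ----
@dataclass
class Val:
    text: str
    spans: list = field(default_factory=list)    # [(start, end)] tainted ranges


def concat(a, b):
    shift = len(a.text)
    return Val(a.text + b.text, a.spans + [(s + shift, e + shift) for s, e in b.spans])


def sanitize(v):
    """Escape single quotes for a SQL string literal; the result counts as clean."""
    return Val(v.text.replace("'", "''"), [])


def string_literal_ranges(sql):
    """Content ranges of '...' literals, treating '' as an escaped quote."""
    ranges, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        j = i + 1
        while j < n:
            if sql[j] == "'" and not (j + 1 < n and sql[j + 1] == "'"):
                break                            # closing quote
            j += 2 if sql[j] == "'" else 1       # skip escaped '' as one unit
        ranges.append((i + 1, j))
        i = j + 1
    return ranges


def guard(v):
    """Run-time check: every tainted range must lie inside one string literal,
    i.e. the input did not change the query's token structure."""
    literals = string_literal_ranges(v.text)
    for s, e in v.spans:
        if not any(ls <= s and e <= le for ls, le in literals):
            raise InjectionBlocked(f"tainted bytes {s}:{e} escape a literal in {v.text!r}")
    return v


def run(program, inputs):
    """Execute the IR; returns the SQL strings that reached the query sink."""
    env, queries = {}, []

    def ev(expr):
        kind = expr[0]
        if kind == "input":
            text = inputs[expr[1]]
            return Val(text, [(0, len(text))])
        if kind == "const":
            return Val(expr[1])
        if kind == "var":
            return env[expr[1]]
        if kind == "concat":
            return concat(ev(expr[1]), ev(expr[2]))
        if kind == "sanitize":
            return sanitize(ev(expr[1]))
        if kind == "guard":
            return guard(ev(expr[1]))
        raise ValueError(f"unknown expression {kind}")

    for stmt in program:
        if stmt[0] == "assign":
            env[stmt[1]] = ev(stmt[2])
        else:
            queries.append(ev(stmt[1]).text)
    return queries


# constructed sample: a login lookup built by string concatenation
LOGIN_QUERY = ("concat", ("const", "SELECT * FROM users WHERE name = '"),
               ("concat", ("var", "u"), ("const", "'")))
VULNERABLE = [("assign", "u", ("input", "user")),
              ("assign", "q", LOGIN_QUERY), ("query", ("var", "q"))]
HARDENED = [("assign", "u", ("sanitize", ("input", "user"))),
            ("assign", "q", LOGIN_QUERY), ("query", ("var", "q"))]

if __name__ == "__main__":
    guarded, unsafe = analyze(VULNERABLE)
    print("statically unsafe queries:", unsafe)
    print(run(guarded, {"user": "alice"}))
    try:
        run(guarded, {"user": "x' OR '1'='1"})
    except InjectionBlocked as exc:
        print("blocked:", exc)
    print(analyze(HARDENED)[1], run(HARDENED, {"user": "x' OR '1'='1"}))
```

The static pass here is straight-line and flow-insensitive (no branches or loops), and the guard only accepts user data in string-literal positions; a tainted value in a numeric context (`WHERE id = 5`) would be rejected, and a real deployment needs a tokenizer for the target SQL dialect. The point the example makes is the division of labour: the guard is only paid for where the analysis could not prove the query clean.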

Who is the intended audience?

researchers

Is title/abstract accurate

yes

Is the big ‘point’ of the work clear?

yes

Is there an original/significant contribution to knowledge

yes, they outline different analysis techniques, compare them and improve on them

Is this an extension to previous work?

yes, it takes previously known techniques and combines and improves them

Are aims and objectives clearly stated?

yes, it has a good section on their algorithm

Technical aspects of critique

Has proper attention been given to the current literature

Are ideas/arguments technically correct?

yes, it has an excellent background-information section

Is empirical evidence provided?

yes, it has a table comparing known techniques

Is there a balanced presentation of the literature?

yes

Is the research design/methodology clearly stated?

yes, it has an excellent explanation of their process / theory

Has any sampling involved been carefully and thoughtfully selected?

Is it representative? Is it likely to bias the research?

Have any ethical issues been clearly identified and handled correctly?

yes, in the background info / intro section

Has the data collection method clearly stated?

yes, it's explained very well

Was there a pilot study to check proposed approach?

nope

Is the data collection method valid and reliable?

yes, it's a repeatable experiment

What is the method of analysis? Clearly described and reliable?

experiment

Are results clearly presented?

yes

Are all hypotheses and any assumptions clearly stated at the outset?

yes

Presentation

Is the paper well structured? Can you follow the arguments? Is there a good flow through the paper, i.e. is there a ‘story’?

it's a little long, but it's stuffed with lots of background information and theory

Are technical terms/abbreviations explained?

yes

Are tables/graphs/diagrams easy to follow and clearly signposted?

yes

Do they aid understanding?

yes

Is the discussion well balanced? – Not front/top heavy

it's a little heavy in the middle section, but there is a lot of theory to get through

Are conclusions well supported by arguments/results presented in the paper

Is the work well ‘joined-up’?

yes

Do the authors recognise potential areas of weakness in their work?

yes, they have a discussion section about the weaknesses

How up-to-date is the work – are references current and representative of the field?

up to about 2003
