Securing Web Application Code by Static Analysis and Runtime Protection

What is the paper about?

a holistic approach for a static analysis algorithm to detect sqli in web applications using run-time inspection

Who is the intended audience?


Is title/abstract accurate


Is the big ‘point’ of the work clear?


Is there an original/significant contribution to knowledge

yes, they outline different analysis techniques, compare them and improve on them

Is this an extension to previous work?

yes, it takes previously known techniques and combines and improves them

Are aims and objectives clearly stated?

yes, its got a good section on their algorithm

Technical aspects of critique

Has proper attention been given to the current literature

Are ideas/arguments technically correct?

yes, it has an excellent background-information section

Is empirical evidence provided?

yes, it has a table comparing known techniques

Is there a balanced presentation of the literature?


Is the research design/methodology clearly stated?

yes, it has an excellent explination of their process / theory

Has any sampling involved been carefully and thoughtfully selected?

Is it representative? Is it likely to bias the research?

Have any ethical issues been clearly identified and handled correctly?

yes, in the background info / intro section

Has the data collection method clearly stated?

yes, its explained very well

Was there a pilot study to check proposed approach?


Is the data collection method valid and reliable?

yes, its a repeatable experiment

What is the method of analysis? Clearly described and reliable?


Are results clearly presented?


Are all hypotheses and any assumptions clearly stated at the outset?



IS the paper well structured? Can you follow the arguments? Is there a good flow through the paper i.e. Is there a ‘story’?

its a little long, but its stuffed with lots of background information and theory

Are technical terms/abbreviations explained?


Are tables/graphs/diagrams easy to follow and clearly signposted?


Do they aid understanding?


Is the discussion well balanced? – Not front/top heavy

its a little heavy in the middle section, but there is a lot of theory to get through

Are conclusions well supported by arguments/results presented in the paper

Is the work well ‘joined-up’?


Do the authors recognise potential areas of weakness in their work?

yes, they have a discussion section about the weaknesses

How up-to-date is the work – are references current and representative of the field?

upto about 2003

Leave a Reply