What is the paper about?
a holistic approach for a static analysis algorithm to detect sqli in web applications using run-time inspection
Who is the intended audience?
Is title/abstract accurate
Is the big ‘point’ of the work clear?
Is there an original/significant contribution to knowledge
yes, they outline different analysis techniques, compare them and improve on them
Is this an extension to previous work?
yes, it takes previously known techniques and combines and improves them
Are aims and objectives clearly stated?
yes, its got a good section on their algorithm
Technical aspects of critique
Has proper attention been given to the current literature
Are ideas/arguments technically correct?
yes, it has an excellent background-information section
Is empirical evidence provided?
yes, it has a table comparing known techniques
Is there a balanced presentation of the literature?
Is the research design/methodology clearly stated?
yes, it has an excellent explination of their process / theory
Has any sampling involved been carefully and thoughtfully selected?
Is it representative? Is it likely to bias the research?
Have any ethical issues been clearly identified and handled correctly?
yes, in the background info / intro section
Has the data collection method clearly stated?
yes, its explained very well
Was there a pilot study to check proposed approach?
Is the data collection method valid and reliable?
yes, its a repeatable experiment
What is the method of analysis? Clearly described and reliable?
Are results clearly presented?
Are all hypotheses and any assumptions clearly stated at the outset?
IS the paper well structured? Can you follow the arguments? Is there a good flow through the paper i.e. Is there a ‘story’?
its a little long, but its stuffed with lots of background information and theory
Are technical terms/abbreviations explained?
Are tables/graphs/diagrams easy to follow and clearly signposted?
Do they aid understanding?
Is the discussion well balanced? – Not front/top heavy
its a little heavy in the middle section, but there is a lot of theory to get through
Are conclusions well supported by arguments/results presented in the paper
Is the work well ‘joined-up’?
Do the authors recognise potential areas of weakness in their work?
yes, they have a discussion section about the weaknesses
How up-to-date is the work – are references current and representative of the field?
upto about 2003