UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities
暂无分享,去创建一个
Junjie Zhang | Rui Dai | Jin Huang | Yu Li | Junjie Zhang | Rui Dai | Yu Li | Jin Huang
[1] Dmitry Kozlov,et al. Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing , 2008 .
[2] L. D. Moura,et al. The YICES SMT Solver , 2006 .
[3] Dawn Xiaodong Song,et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves , 2009, 2009 30th IEEE Symposium on Security and Privacy.
[4] Vitaly Shmatikov,et al. SAFERPHP: finding semantic vulnerabilities in PHP applications , 2011, PLAS '11.
[5] O. Andreeva,et al. INDUSTRIAL CONTROL SYSTEMS VULNERABILITIES STATISTICS , 2016 .
[6] Nikolaj Bjørner,et al. Z3: An Efficient SMT Solver , 2008, TACAS.
[7] Miguel Correia,et al. Detecting and Removing Web Application Vulnerabilities with Static Analysis and Data Mining , 2016, IEEE Transactions on Reliability.
[8] Thorsten Holz,et al. Static Detection of Second-Order Vulnerabilities in Web Applications , 2014, USENIX Security Symposium.
[9] Thorsten Holz,et al. No Honor Among Thieves: A Large-Scale Analysis of Malicious Web Shells , 2016, WWW.
[10] Davide Balzarotti,et al. Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web , 2013, NDSS.
[11] Nasir Uddin,et al. File Upload Security and Validation in Context of Software as a Service Cloud Model , 2016, 2016 6th International Conference on IT Convergence and Security (ICITCS).
[12] Thorsten Holz,et al. Simulation of Built-in PHP Features for Precise Static Code Analysis , 2014, NDSS.
[13] Miguel Correia,et al. Benchmarking Static Analysis Tools for Web Security , 2018, IEEE Transactions on Reliability.
[14] Steve Hanna,et al. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications , 2010, NDSS.
[15] Hiroshi Inamura,et al. Dynamic test input generation for web applications , 2008, ISSTA '08.
[16] David Notkin,et al. An empirical study of static call graph extractors , 1998, TSEM.
[17] Steve Hanna,et al. A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.
[18] Xiangyu Zhang,et al. Z3-str: a z3-based string solver for web application analysis , 2013, ESEC/FSE 2013.
[19] Johannes Dahse,et al. RIPS: A static source code analyser for vulnerabilities in PHP scripts , 2010 .
[20] Koushik Sen,et al. Symbolic execution for software testing: three decades later , 2013, CACM.
[21] Cesare Tinelli,et al. Satisfiability Modulo Theories , 2021, Handbook of Satisfiability.
[22] Alexander Aiken,et al. Static Detection of Security Vulnerabilities in Scripting Languages , 2006, USENIX Security Symposium.
[23] Frank Tip,et al. Automated repair of HTML generation errors in PHP applications using string constraint solving , 2012, 2012 34th International Conference on Software Engineering (ICSE).
[24] Frank Tip,et al. Finding bugs in dynamic web applications , 2008, ISSTA '08.
[25] Imam Riadi,et al. An Analysis of Vulnerability Web Against Attack Unrestricted Image File Upload , 2016 .
[26] Zhendong Su,et al. Static detection of cross-site scripting vulnerabilities , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.
[27] Xiangyu Zhang,et al. Path sensitive static analysis of web applications for remote code execution vulnerability detection , 2013, 2013 35th International Conference on Software Engineering (ICSE).
[28] Zhendong Su,et al. Sound and precise analysis of web applications for injection vulnerabilities , 2007, PLDI '07.
[29] Benjamin Livshits,et al. SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS , 2018, NDSS.