Didn't You Hear Me? - Towards More Successful Web Vulnerability Notifications
[1] Dave Crocker, et al. Mailbox Names for Common Services, Roles and Functions, 1997, RFC.
[2] Sean Turner, et al. Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification, 2019, RFC.
[3] Vern Paxson, et al. The Matter of Heartbleed, 2014, Internet Measurement Conference.
[4] Christian Rossow, et al. Exit from Hell? Reducing the Impact of Amplification DDoS Attacks, 2014, USENIX Security Symposium.
[5] Michael Backes, et al. Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification, 2016, USENIX Security Symposium.
[6] Christopher Krügel, et al. Fear the EAR: discovering and mitigating execution after redirect vulnerabilities, 2011, CCS '11.
[7] J. Alex Halderman, et al. Analysis of the HTTPS certificate ecosystem, 2013, Internet Measurement Conference.
[8] Christof Paar, et al. DROWN: Breaking TLS Using SSLv2, 2016, USENIX Security Symposium.
[9] Peter W. Resnick, et al. Internet Message Format, 2001, RFC.
[10] Tyler Moore, et al. Understanding the Role of Sender Reputation in Abuse Reporting and Cleanup, 2015, WEIS.
[11] David A. Wagner, et al. An Empirical Study of Vulnerability Rewards Programs, 2013, USENIX Security Symposium.
[12] Mark Allman, et al. Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy, 2016, NDSS.
[13] Vern Paxson, et al. Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension, 2016, WWW.
[14] S. Holm. A Simple Sequentially Rejective Multiple Test Procedure, 1979.
[15] Stefan Savage, et al. You've Got Vulnerability: Exploring Effective Vulnerability Notifications, 2016, USENIX Security Symposium.
[16] Engin Kirda, et al. Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications, 2011, NDSS.
[17] Ning Kong, et al. HTTP Usage in the Registration Data Access Protocol (RDAP), 2015, RFC.
[18] M. V. Eeten, et al. Make notifications great again: learning how to notify in the age of large-scale vulnerability scanning, 2017.
[19] Juan Caballero, et al. Driving in the Cloud: An Analysis of Drive-by Download Operations and Abuse Reporting, 2013, DIMVA.
[20] Sebastian Lekies, et al. CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy, 2016, CCS.
[21] Aurélien Francillon, et al. The role of web hosting providers in detecting compromised websites, 2013, WWW '13.
[22] Tyler Moore, et al. Do Malware Reports Expedite Cleanup? An Experimental Study, 2012, CSET.
[23] Ben Stock, et al. 25 million flows later: large-scale detection of DOM-based XSS, 2013, CCS.