Security and vulnerability analysis of web applications

[1] Jochen Topf, et al. The HTML Form Protocol Attack, 2001.

[2] Laura Painton Swiler, et al. A graph-based network-vulnerability analysis system, 1997, S&P 1998.

[3] Thai Duong, et al. Flickr's API Signature Forgery Vulnerability, 2009.

[4] A. Benjamin Premkumar, et al. Quantitative Evaluation of Related Web-Based Vulnerabilities, 2010, 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement Companion.

[5] Erhard Rahm, et al. Similarity Flooding: A Versatile Graph Matching Algorithm (Extended Technical Report), 2001.

[6] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.

[7] Peter Kok Keong Loh, et al. Realizing Web Application Vulnerability Analysis via AVDL, 2008, ICEIS.

[8] Steven Palmer. Web Application Vulnerabilities: Detect, Exploit, Prevent, 2007.

[9] Sushil Jajodia, et al. Toward measuring network security using attack graphs, 2007, QoP '07.

[10] R. P. Abbott, et al. Security Analysis and Enhancements of Computer Operating Systems, 1976.

[11] Alessandro Orso, et al. Using positive tainting and syntax-aware evaluation to counter SQL injection attacks, 2006, SIGSOFT '06/FSE-14.

[12] Peter Kok Keong Loh, et al. Fuzzy Heuristic Design for Diagnosis of Web-Based Vulnerabilities, 2009, 2009 Fourth International Conference on Internet Monitoring and Protection.

[13] M. Bishop. Vulnerabilities Analysis, 1967.

[14] Mark Stamp, et al. Information security - principles and practice, 2005.

[15] Frank Piessens, et al. A Vulnerability Taxonomy Methodology applied to the Web Services, 2005.

[16] Billy Hoffman, et al. Ajax Security, 2007.

[17] Anil Bazaz, et al. Towards a Taxonomy of Vulnerabilities, 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[18] Jeffrey R. Jones, et al. Estimating Software Vulnerabilities, 2007, IEEE Security & Privacy.

[19] Matt Bishop, et al. A Taxonomy of UNIX System and Network Vulnerabilities, 1997.

[20] Carl E. Landwehr, et al. A Taxonomy of Computer Program Security Flaws, with Examples, 1993.

[21] Alessandro Orso, et al. A Classification of SQL Injection Attacks and Countermeasures, 2006, ISSSE.

[22] Markus Schumacher, et al. Collaborative attack modeling, 2002, SAC '02.

[23] Ibn Saud, et al. The Impact of AJAX Vulnerability in Web 2.0 Applications, 2008.

[24] Rasool Jalili, et al. Vulnerability Analysis through a Graph-based Protection System, 2006.

[25] Marco Domenico Aime, et al. The risks with security metrics, 2008, QoP '08.

[26] Christopher Krügel, et al. Precise alias analysis for static detection of web application vulnerabilities, 2006, PLAS '06.

[27] Karen Scarfone, et al. Common Vulnerability Scoring System, 2006, IEEE Security & Privacy.

[28] A. Benjamin Premkumar, et al. An empirical vulnerability remediation model, 2010, 2010 IEEE International Conference on Wireless Communications, Networking and Information Security.

[29] Peter Kok Keong Loh, et al. Evaluating AVDL descriptions for web application vulnerability analysis, 2008, 2008 IEEE International Conference on Intelligence and Security Informatics.

[30] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[31] Omar H. Alhazmi, et al. Quantitative vulnerability assessment of systems software, 2005, Annual Reliability and Maintainability Symposium, 2005. Proceedings.

[32] Peter Kok Keong Loh, et al. Scoring Web-Based Vulnerability Impact Using Property-Based Vulnerability Model, 2010, 2010 IEEE 24th International Conference on Advanced Information Networking and Applications Workshops.

[33] Andreas Zeller, et al. Predicting vulnerable software components, 2007, CCS '07.

[34] Peter K. K. Loh, et al. Unified Approach to Vulnerability Analysis of Web Applications, 2008.

[35] James D. Arthur, et al. Modeling Security Vulnerabilities: A Constraints and Assumptions Perspective, 2006, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing.

[36] Peter Kok Keong Loh, et al. An empirical property-based model for vulnerability analysis and evaluation, 2009, 2009 IEEE Asia-Pacific Services Computing Conference (APSCC).

[37] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.

[38] Yashwant K. Malaiya, et al. An Analysis of the Vulnerability Discovery Process in Web Browsers, 2006.

[39] Giovanni Vigna, et al. Vulnerability Analysis of Web-based Applications, 2007, Test and Analysis of Web Services.

[40] Ake J Holmgren, et al. Using Graph Models to Analyze the Vulnerability of Electric Power Networks, 2006, Risk analysis: an official publication of the Society for Risk Analysis.

[41] James R. Larus, et al. Broad New OS Research: Challenges and Opportunities, 2005, HotOS.

[42] Gary McGraw, et al. An automated approach for identifying potential vulnerabilities in software, 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[43] Christopher Krügel, et al. SecuBat: a web vulnerability scanner, 2006, WWW '06.