Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis
Christopher Krügel | Giovanni Vigna | Engin Kirda | Florian Nentwich | Nenad Jovanovic | Philipp Vogt
[1] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[2] Ravishankar K. Iyer, et al. Defeating memory corruption attacks via pointer taintedness detection, 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).
[3] Andrew C. Myers, et al. Language-based information-flow security, 2003, IEEE J. Sel. Areas Commun.
[4] Christopher Krügel, et al. Anomaly detection of web-based attacks, 2003, CCS '03.
[5] Wei Xu, et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, 2006, USENIX Security Symposium.
[6] Michael Franz, et al. Dynamic taint propagation for Java, 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).
[7] Flemming Nielson, et al. Principles of Program Analysis, 1999, Springer Berlin Heidelberg.
[8] Dorothy E. Denning, et al. A lattice model of secure information flow, 1976, CACM.
[9] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[10] Giuseppe A. Di Lucca, et al. Identifying cross site scripting vulnerabilities in Web applications, 2004, Proceedings. Sixth IEEE International Workshop on Web Site Evolution.
[11] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.
[12] Giovanni Vigna, et al. Detecting malicious JavaScript code in Mozilla, 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).
[13] James Newsome, et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, 2005, NDSS.
[14] Tadeusz Pietraszek, et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation, 2005, RAID.
[15] J. Meseguer, et al. Security Policies and Security Models, 1982, 1982 IEEE Symposium on Security and Privacy.
[16] Youki Kadobayashi, et al. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004.
[17] David Zhang, et al. Secure program execution via dynamic information flow tracking, 2004, ASPLOS XI.
[18] Alfred V. Aho, et al. Compilers: Principles, Techniques, and Tools, 1986, Addison-Wesley series in computer science / World student series edition.