Context-sensitive auto-sanitization in web templating languages using type qualifiers
[1] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[2] Hristo Bojinov, et al. Toward Secure Embedded Web Interfaces, 2011, USENIX Security Symposium.
[3] Dan Boneh, et al. XCS: cross channel scripting and its impact on web applications, 2009, CCS.
[4] Marianne Winslett, et al. VEX: Vetting Browser Extensions for Security Vulnerabilities, 2010, USENIX Security Symposium.
[5] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[6] Collin Jackson, et al. Regular expressions considered harmful in client-side XSS filters, 2010, WWW '10.
[7] Shriram Krishnamurthi, et al. Using static analysis for Ajax intrusion detection, 2009, WWW '09.
[8] Benjamin Livshits, et al. SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities, 2006.
[9] Benjamin Livshits, et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, 2010, 2010 IEEE Symposium on Security and Privacy.
[10] Michael Hicks, et al. Defeating script injection attacks with browser-enforced embedded policies, 2007, WWW '07.
[11] V. N. Venkatakrishnan, et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks, 2008, DIMVA.
[12] Steve Hanna, et al. A Symbolic Execution Framework for JavaScript, 2010, 2010 IEEE Symposium on Security and Privacy.
[13] Martin Paul Eve, et al. XSS Cheat Sheet, 2007.
[14] Steve Hanna, et al. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications, 2010, NDSS.
[15] Benjamin Livshits, et al. SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications, 2011, CCS '11.
[16] Dawn Xiaodong Song, et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks, 2011, ESORICS.
[17] Benjamin Livshits, et al. Fast and Precise Sanitizer Analysis with BEK, 2011, USENIX Security Symposium.
[18] Dawn Xiaodong Song, et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense, 2009, NDSS.
[19] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[20] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[21] Wei Xu, et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, 2006, USENIX Security Symposium.
[22] Hao Chen, et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks, 2009, NDSS.
[23] Alexander Aiken, et al. Flow-sensitive type qualifiers, 2002, PLDI '02.
[24] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.
[25] Benjamin Livshits, et al. Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005, USENIX Security Symposium.
[26] V. N. Venkatakrishnan, et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[27] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[28] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[29] Giovanni Vigna, et al. Static Enforcement of Web Application Integrity Through Strong Typing, 2009, USENIX Security Symposium.
[30] Michael D. Ernst, et al. HAMPI: a solver for string constraints, 2009, ISSTA.