CORP: A Browser Policy to Mitigate Web Infiltration Attacks
Venkatesh Choppella | Bezawada Bruhadeshwar | Krishna Chaitanya Telikicherla | Bruhadeshwar Bezawada
[1] Paul C. van Oorschot, et al. SOMA: mutual approval for included content in web pages, 2008, CCS.
[2] Daniel Jackson, et al. Software Abstractions - Logic, Language, and Analysis, 2006.
[3] Dan Boneh, et al. Exposing private information by timing web applications, 2007, WWW '07.
[4] Collin Jackson, et al. Cross-origin pixel stealing: timing attacks using CSS filters, 2013, CCS.
[5] Jeff Hodges, et al. HTTP Strict Transport Security (HSTS), 2012, RFC.
[6] Helen J. Wang, et al. Clickjacking: Attacks and Defenses, 2012, USENIX Security Symposium.
[7] Helen J. Wang, et al. Lightweight server support for browser-based CSRF protection, 2013, WWW.
[8] Úlfar Erlingsson, et al. Engineering Secure Software and Systems, 2011, Lecture Notes in Computer Science.
[9] Ninghui Li, et al. Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection, 2009, Financial Cryptography.
[10] Vijay Atluri, et al. Computer Security – ESORICS 2011, 2011, Lecture Notes in Computer Science.
[11] Christopher Krügel, et al. A solution for the automated detection of clickjacking attacks, 2010, ASIACCS '10.
[12] Sebastian Lekies, et al. On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes, 2012, WOOT.
[13] Tim Berners-Lee, et al. Hypertext Markup Language - 2.0, 1995, RFC.
[14] Wenliang Du, et al. ESCUDO: A Fine-Grained Protection Model for Web Browsers, 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.
[15] Sid Stamm, et al. Reining in the web with content security policy, 2010, WWW '10.
[16] Christopher Krügel, et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, 2007, NDSS.
[17] Wouter Joosen, et al. Automatic and Precise Client-Side Protection against CSRF Attacks, 2011, ESORICS.
[18] Michael Hicks, et al. Defeating script injection attacks with browser-enforced embedded policies, 2007, WWW '07.
[19] Joseph Bonneau, et al. What's in a Name?, 2020, Financial Cryptography.
[20] Martin Johns, et al. RequestRodeo: Client Side Protection against Session Riding, 2006.
[21] Collin Jackson, et al. Robust defenses for cross-site request forgery, 2008, CCS.
[22] Dan Boneh, et al. Busting frame busting: a study of clickjacking vulnerabilities on popular sites, 2010.
[23] Wouter Joosen, et al. Browser protection against cross-site request forgery, 2009, SecuCode '09.
[24] Christopher Krügel, et al. Preventing Cross Site Request Forgery Attacks, 2006, 2006 Securecomm and Workshops.
[25] Wouter Joosen, et al. CsFire: Transparent Client-Side Mitigation of Malicious Cross-Domain Requests, 2010, ESSoS.
[26] Dawn Xiaodong Song, et al. Towards a Formal Foundation of Web Security, 2010, 2010 23rd IEEE Computer Security Foundations Symposium.