deDacota: toward preventing server-side XSS via automatic code and data separation
Christopher Krügel | Giovanni Vigna | Adam Doupé | Marcus Peinado | Mariusz H. Jakubowski | Weidong Cui
[1] Giovanni Vigna, et al. Detecting malicious JavaScript code in Mozilla, 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).
[2] Benjamin Livshits, et al. Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005, USENIX Security Symposium.
[3] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[4] Tadeusz Pietraszek, et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation, 2005, RAID.
[5] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.
[6] Christopher Krügel, et al. Precise alias analysis for static detection of web application vulnerabilities, 2006, PLAS '06.
[7] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.
[8] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[9] Christopher Krügel, et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis, 2007, NDSS.
[10] Zhendong Su, et al. Sound and precise analysis of web applications for injection vulnerabilities, 2007, PLDI '07.
[11] Martin Johns, et al. SMask: preventing injection attacks in web applications by approximating automatic data/code separation, 2007, SAC '07.
[12] Michael Hicks, et al. Defeating script injection attacks with browser-enforced embedded policies, 2007, WWW '07.
[13] Úlfar Erlingsson, et al. Using web application construction frameworks to protect against code injection attacks, 2007, PLAS '07.
[14] V. N. Venkatakrishnan, et al. XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks, 2008, DIMVA.
[15] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[16] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[17] E. Markatos, et al. Code-Injection Attacks in Browsers Supporting Policies, 2009.
[18] Hao Chen, et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks, 2009, NDSS.
[19] V. N. Venkatakrishnan, et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers, 2009, 2009 30th IEEE Symposium on Security and Privacy.
[20] Manu Sridharan, et al. TAJ: effective taint analysis of web applications, 2009, PLDI '09.
[21] Giovanni Vigna, et al. Static Enforcement of Web Application Integrity Through Strong Typing, 2009, USENIX Security Symposium.
[22] Dawn Xiaodong Song, et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense, 2009, NDSS.
[23] Steve Hanna, et al. A Symbolic Execution Framework for JavaScript, 2010, 2010 IEEE Symposium on Security and Privacy.
[24] Fang Yu, et al. Stranger: An Automata-Based String Analysis Tool for PHP, 2010, TACAS.
[25] Benjamin Livshits, et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, 2010, 2010 IEEE Symposium on Security and Privacy.
[26] Sid Stamm, et al. Reining in the web with content security policy, 2010, WWW '10.
[27] Dawn Xiaodong Song, et al. Context-sensitive auto-sanitization in web templating languages using type qualifiers, 2011, CCS '11.
[28] Benjamin Livshits, et al. Fast and Precise Sanitizer Analysis with BEK, 2011, USENIX Security Symposium.
[29] Dawn Xiaodong Song, et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks, 2011, ESORICS.
[30] Benjamin Livshits, et al. SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications, 2011, CCS '11.
[31] Dawn Xiaodong Song, et al. Towards Client-side HTML Security Policies, 2011, HotSec.
[32] Dawn Xiaodong Song, et al. Privilege Separation in HTML5 Applications, 2012, USENIX Security Symposium.
[33] Jörg Schwenk, et al. Scriptless attacks: stealing the pie without touching the sill, 2012, CCS.
[34] Zhilei Xu, et al. Tracking Rootkit Footprints with a Practical Memory Analysis System, 2012, USENIX Security Symposium.
[35] Benjamin Livshits, et al. Towards fully automatic placement of security sanitizers and declassifiers, 2013, POPL 2013.
[36] Rudolf Eigenmann, et al. Compiler Infrastructure, 2013, International Journal of Parallel Programming.
[37] M. E. Kabay, et al. Writing Secure Code, 2015.