Automatic creation of SQL Injection and cross-site scripting attacks
Michael D. Ernst | Philip J. Guo | Adam Kiezun | Karthick Jayaraman
[1] Alessandro Orso, et al. WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation, 2008, IEEE Transactions on Software Engineering.
[2] Pedram Amini, et al. Fuzzing: Brute Force Vulnerability Discovery, 2007.
[3] Koushik Sen. DART: Directed Automated Random Testing, 2009, Haifa Verification Conference.
[4] Monica S. Lam, et al. Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, 2008, USENIX Security Symposium.
[5] Andrew C. Myers, et al. Language-based information-flow security, 2003, IEEE J. Sel. Areas Commun.
[6] Yasuhiko Minamide, et al. Static approximation of dynamically generated Web pages, 2005, WWW '05.
[7] Tim Leek, et al. Coverage Maximization Using Dynamic Taint Tracing, 2007.
[8] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.
[9] V. N. Venkatakrishnan, et al. CANDID: preventing sql injection attacks using dynamic candidate evaluations, 2007, CCS '07.
[10] Thomas Zimmermann, et al. What Makes a Good Bug Report?, 2008, IEEE Transactions on Software Engineering.
[11] Michael D. Ernst, et al. HAMPI: a solver for string constraints, 2009, ISSTA.
[12] Jacob West, et al. Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output, 2008.
[13] Zhendong Su, et al. Sound and precise analysis of web applications for injection vulnerabilities, 2007, PLDI '07.
[14] Xiang Fu, et al. A Static Analysis Framework For Detecting SQL Injection Vulnerabilities, 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).
[15] Dawson R. Engler, et al. Static Analysis versus Software Model Checking for Bug Finding, 2004, VMCAI.
[16] Tadeusz Pietraszek, et al. Defending Against Injection Attacks Through Context-Sensitive String Evaluation, 2005, RAID.
[17] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.
[18] Alessandro Orso, et al. AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks, 2005, ASE.
[19] Siddhartha Rai, et al. Safe query objects: statically typed objects as remotely executable queries, 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005.
[20] Giovanni Vigna, et al. Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, 2007, RAID.
[21] Christopher Krügel, et al. Leveraging User Interactions for In-Depth Testing of Web Applications, 2008, RAID.
[22] Hiroshi Inamura, et al. Dynamic test input generation for web applications, 2008, ISSTA '08.
[23] Zhendong Su, et al. Static detection of cross-site scripting vulnerabilities, 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.
[24] Koushik Sen, et al. CUTE: a concolic unit testing engine for C, 2005, ESEC/FSE-13.
[25] James Newsome, et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Network and Distributed System Security Symposium Conference Proceedings: 2005, 2005.
[26] D. T. Lee, et al. Securing web application code by static analysis and runtime protection, 2004, WWW '04.
[27] Premkumar T. Devanbu, et al. Static checking of dynamically generated queries in database applications, 2004, Proceedings. 26th International Conference on Software Engineering.
[28] Anh Nguyen-Tuong, et al. Automatically Hardening Web Applications Using Precise Tainting, 2005, SEC.
[29] Frank Tip, et al. Finding bugs in dynamic web applications, 2008, ISSTA '08.
[30] Eddie Kohler, et al. Information flow control for standard OS abstractions, 2007, SOSP.
[31] R.A. McClure, et al. SQL DOM: compile time checking of dynamic SQL statements, 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005.
[32] Christopher Krügel, et al. Pixy: a static analysis tool for detecting Web application vulnerabilities, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).
[33] Silas Boyd-Wickizer, et al. Securing Distributed Systems with Information Flow Control, 2008, NSDI.
[34] Benjamin Livshits, et al. Securing web applications with static and dynamic information flow tracking, 2008, PEPM '08.
[35] Michael Hicks, et al. Defeating script injection attacks with browser-enforced embedded policies, 2007, WWW '07.
[36] Christopher Krügel, et al. Noxes: a client-side solution for mitigating cross-site scripting attacks, 2006, SAC '06.
[37] Christopher Krügel, et al. Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[38] Benjamin Livshits, et al. Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005, USENIX Security Symposium.
[39] Rupak Majumdar, et al. Dynamic test input generation for database applications, 2007, ISSTA '07.